Risk | Low |
Patch available | YES |
Number of vulnerabilities | 196 |
CVE-ID | CVE-2024-25741 CVE-2024-41064 CVE-2024-41087 CVE-2023-52888 CVE-2024-42098 CVE-2024-42111 CVE-2024-42076 CVE-2024-42088 CVE-2024-42135 CVE-2024-42145 CVE-2024-42142 CVE-2024-41036 CVE-2024-41071 CVE-2024-41012 CVE-2024-42091 CVE-2024-42253 CVE-2024-42119 CVE-2024-42097 CVE-2024-42243 CVE-2024-39487 CVE-2024-42235 CVE-2024-42120 CVE-2024-42149 CVE-2024-41015 CVE-2024-41074 CVE-2024-42067 CVE-2024-42090 CVE-2024-42128 CVE-2024-41038 CVE-2024-42113 CVE-2024-42102 CVE-2024-42231 CVE-2024-42080 CVE-2024-42241 CVE-2024-42106 CVE-2024-42130 CVE-2024-42073 CVE-2024-42153 CVE-2024-42156 CVE-2024-42118 CVE-2024-41007 CVE-2024-41049 CVE-2024-39486 CVE-2024-42240 CVE-2024-41018 CVE-2024-42251 CVE-2024-42280 CVE-2024-42096 CVE-2024-42121 CVE-2024-42246 CVE-2024-42092 CVE-2024-41090 CVE-2024-42157 CVE-2024-43858 CVE-2024-42150 CVE-2024-42110 CVE-2024-41010 CVE-2024-41081 CVE-2024-41061 CVE-2024-41078 CVE-2024-41094 CVE-2024-41039 CVE-2024-42114 CVE-2024-42109 CVE-2024-41030 CVE-2024-42066 CVE-2024-41035 CVE-2024-42146 CVE-2024-42131 CVE-2024-41059 CVE-2024-41067 CVE-2024-42138 CVE-2024-41050 CVE-2024-41034 CVE-2024-41077 CVE-2024-41076 CVE-2024-41088 CVE-2024-41096 CVE-2024-41073 CVE-2024-41037 CVE-2024-42232 CVE-2024-41063 CVE-2024-42117 CVE-2024-42155 CVE-2024-41080 CVE-2024-42132 CVE-2024-42084 CVE-2024-42136 CVE-2024-42223 CVE-2024-41068 CVE-2024-42225 CVE-2024-42065 CVE-2024-41051 CVE-2024-43855 CVE-2024-42238 CVE-2024-42250 CVE-2024-42112 CVE-2024-41070 CVE-2023-52887 CVE-2024-42094 CVE-2024-42095 CVE-2024-41086 CVE-2024-41020 CVE-2024-41082 CVE-2024-42115 CVE-2024-42152 CVE-2024-42239 CVE-2024-42093 CVE-2024-42126 CVE-2024-41022 CVE-2024-41017 CVE-2024-41092 CVE-2024-41044 CVE-2024-42140 CVE-2024-41029 CVE-2024-41054 CVE-2024-42158 CVE-2024-41066 CVE-2024-42244 CVE-2024-42070 CVE-2024-41025 CVE-2024-42229 CVE-2024-42085 CVE-2024-41084 CVE-2024-41060 CVE-2024-41062 CVE-2024-42105 CVE-2024-42124 CVE-2024-41045 CVE-2024-42227 CVE-2024-41047 CVE-2024-41042 
CVE-2024-42100 CVE-2024-42247 CVE-2024-41041 CVE-2024-42087 CVE-2024-42252 CVE-2024-41058 CVE-2024-42063 CVE-2024-42271 CVE-2024-41027 CVE-2024-42079 CVE-2024-42104 CVE-2024-41098 CVE-2024-41033 CVE-2024-41072 CVE-2024-41031 CVE-2024-42089 CVE-2024-41032 CVE-2024-42127 CVE-2024-41093 CVE-2024-42082 CVE-2024-41023 CVE-2024-41075 CVE-2024-42151 CVE-2024-42141 CVE-2024-42108 CVE-2024-42068 CVE-2024-41085 CVE-2024-42103 CVE-2024-41057 CVE-2024-42064 CVE-2024-42161 CVE-2024-41052 CVE-2024-41053 CVE-2024-42069 CVE-2024-41021 CVE-2024-42147 CVE-2024-41065 CVE-2024-41091 CVE-2024-41079 CVE-2024-42086 CVE-2024-42234 CVE-2024-41055 CVE-2024-41083 CVE-2024-42101 CVE-2024-42230 CVE-2024-41095 CVE-2024-41019 CVE-2024-42245 CVE-2024-42129 CVE-2024-42144 CVE-2024-42236 CVE-2024-41028 CVE-2024-42077 CVE-2024-42248 CVE-2024-41046 CVE-2024-42133 CVE-2024-42074 CVE-2024-41089 CVE-2024-42237 CVE-2024-41056 CVE-2024-41048 CVE-2024-42137 CVE-2024-41069 CVE-2024-41097 |
CWE-ID | CWE-399 CWE-667 CWE-415 CWE-20 CWE-125 CWE-908 CWE-119 CWE-416 CWE-388 CWE-476 CWE-682 CWE-190 CWE-617 CWE-835 CWE-401 CWE-96 CWE-269 CWE-843 CWE-665 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Ubuntu - Operating systems & Components / Operating system; linux-image-oem-24.04a (Ubuntu package) - Operating systems & Components / Operating system package or component; linux-image-oem-24.04 (Ubuntu package) - Operating systems & Components / Operating system package or component; linux-image-6.8.0-1016-oem (Ubuntu package) - Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 196 vulnerabilities.
EUVDB-ID: #VU94364
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25741
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the printer_write() function in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95057
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52888
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c and within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95100
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42098
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94950
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42111
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_qgroup_check_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95031
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42076
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94953
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42088
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95095
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42135
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhost_task_fn(), EXPORT_SYMBOL_GPL() and vhost_task_create() functions in kernel/vhost_task.c and within the __vhost_worker_flush(), vhost_vq_reset(), vhost_worker(), vhost_worker_create(), __vhost_vq_attach_worker() and vhost_free_worker() functions in drivers/vhost/vhost.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95083
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the acl_ingress_ofld_setup(), esw_acl_ingress_src_port_drop_create(), esw_acl_ingress_ofld_groups_destroy() and esw_acl_ingress_ofld_setup() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94995
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41036
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_tx_work() function in drivers/net/ethernet/micrel/ks8851_spi.c and within the ks8851_irq() and ks8851_set_rx_mode() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94956
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41071
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95102
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42091
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xe_pat_dump() function in drivers/gpu/drm/xe/xe_pat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95562
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42253
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42097
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95511
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42243
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within include/linux/pagemap.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95505
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42235
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the crst_table_alloc() and base_crst_alloc() functions in arch/s390/mm/pgalloc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95013
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42149
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fs_bdev_thaw() function in fs/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41074
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95077
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42067
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, and within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94988
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95058
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42128
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the an30259a_probe() function in drivers/leds/leds-an30259a.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95048
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41038
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cs_dsp_coeff_parse_string(), cs_dsp_coeff_parse_int(), cs_dsp_coeff_parse_coeff() and cs_dsp_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95025
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42113
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the wx_set_interrupt_capability() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95034
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95061
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42231
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the calc_available_free_space() function in fs/btrfs/space-info.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95103
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42080
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rdma_restrack_init() and type2str() functions in drivers/infiniband/core/restrack.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95517
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42241
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the shmem_confirm_swap() and shmem_is_huge() functions in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95024
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95075
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42130
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94940
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_sb_sr_occ_query_cb(), mlxsw_reg_sbsr_pack() and mlxsw_sp_sb_occ_max_clear() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94983
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42153
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95006
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42118
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the resource_stream_to_stream_idx() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94345
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41007
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94947
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41049
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93834
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39486
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_file_update_pid() function in drivers/gpu/drm/drm_file.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42240
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41018
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_replay() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95560
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42251
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the page_folio() function in mm/gup.c, within the filemap_get_folios_contig(), filemap_get_read_batch() and next_uptodate_folio() functions in mm/filemap.c, within the cifs_extend_writeback() function in fs/smb/client/file.c, and within the afs_extend_writeback() function in fs/afs/write.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94987
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95098
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95515
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95000
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42092
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95090
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96113
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95049
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42150
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the txgbe_open() function in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, within the txgbe_irq_enable(), txgbe_request_irq() and txgbe_setup_misc_irq() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c, within the wx_free_irq() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c, and within the wx_sw_init() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95050
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42110
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94507
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41010
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95051
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94955
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41061
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dml2_calculate_rq_and_dlg_params() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94929
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95056
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drm_fbdev_dma_helper_fb_probe() function in drivers/gpu/drm/drm_fbdev_dma.c, and within the drm_fb_helper_alloc_info() and __drm_fb_helper_initial_config_and_unlock() functions in drivers/gpu/drm/drm_fb_helper.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95042
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41039
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94986
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42114
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94934
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42109
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95021
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41030
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95038
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42066
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description:
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the xe_ttm_vram_mgr_new() function in drivers/gpu/drm/xe/xe_ttm_vram_mgr.c. A local user can execute arbitrary code.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95109
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95065
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42146
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the p2p_enabled() and dma_buf_run_device() functions in drivers/gpu/drm/xe/tests/xe_dma_buf.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description:
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95007
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41067
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the scrub_submit_extent_sector_read() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94959
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42138
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vfree() function in drivers/net/ethernet/mellanox/mlxsw/core_linecards.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94993
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41050
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_send_req() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41034
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94976
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94928
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94989
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41088
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, and within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94941
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41096
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94975
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41037
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the hda_dai_suspend() function in sound/soc/sof/intel/hda-dai.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95005
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42117
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the find_disp_cfg_idx_by_plane_id() and find_disp_cfg_idx_by_stream_id() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_dc_resource_mgmt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94990
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41080
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95060
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42132
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the hci_conn_hash_alloc_unset() and hci_conn_add_unset() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95052
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42084
CWE-ID:
CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
In the Linux kernel, the following vulnerability has been resolved: "ftruncate: pass a signed offset". The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95036
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42136
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the cdrom_ioctl_timed_media_change() function in drivers/cdrom/cdrom.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95037
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95028
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42225
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, and within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95104
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42065
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xe_ttm_stolen_mgr_init() function in drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94946
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_clean_object() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96147
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43855
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95514
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42238
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the cs_dsp_load() and cs_dsp_load_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95509
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42250
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_daemon_poll() function in fs/cachefiles/daemon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94933
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42112
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the txgbe_open() and txgbe_remove() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, within the wx_free_irq() and ngbe_close() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c, and within the wx_setup_isb_resources() and wx_free_all_tx_resources() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94942
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95018
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52887
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95040
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95002
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41086
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the downgrade_entry_next_c() and bch2_sb_downgrade_validate() functions in fs/bcachefs/sb-downgrade.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95073
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94932
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94922
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42152
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95507
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42239
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __bpf_async_init(), drop_prog_refcnt(), BPF_CALL_1() and hrtimer_cancel() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95039
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94997
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95022
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41022
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94938
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41092
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95108
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94985
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42140
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the machine_kexec_mask_interrupts() function in arch/riscv/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95085
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41029
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description: The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the nvmem_populate_sysfs_cells() function in drivers/nvmem/core.c. A local user can read and manipulate data.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41054
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ufshcd_mcq_sq_cleanup() functions in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95064
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94927
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94925
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41025
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the fastrpc_init_create_static_process() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94965
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42085
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dwc3_suspend_common() and dwc3_resume_common() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94973
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41084
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __cxl_dpa_to_region() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94978
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94977
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94936
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42105
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95097
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94948
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41045
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_timer_delete_work(), __bpf_async_init() and __bpf_spin_unlock_irqrestore() functions in kernel/bpf/helpers.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95088
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42227
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dml_core_mode_programming() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94994
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95003
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions:
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95044
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42100
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the sunxi_ccu_probe() function in drivers/clk/sunxi-ng/ccu_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95518
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42247
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95069
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41041
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95066
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42087
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95561
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42252
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94944
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_withdraw_volumes() function in fs/cachefiles/cache.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95030
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42063
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the PROG_NAME() and PROG_NAME_ARGS() functions in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95071
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41027
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the userfaultfd_api() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94968
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c and within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94937
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42104
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95110
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41033
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the workingset_eviction(), workingset_test_recent() and workingset_refault() functions in mm/workingset.c and within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95070
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94964
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95079
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41032
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95014
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42127
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, and within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41093
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94924
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41023
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95004
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94957
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42151
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bpf_dummy_unreg() and bpf_dummy_test_sleepable() functions in net/bpf/bpf_dummy_struct_ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94984
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42141
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iso_sock_recvmsg() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94935
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42108
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rswitch_tx_free() function in drivers/net/ethernet/renesas/rswitch.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42068
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c and within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94972
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41085
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cxl_mem_probe() function in drivers/cxl/mem.c, within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c, and within the match_nvdimm_bridge() and cxlmd_release_nvdimm() functions in drivers/cxl/core/pmem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95016
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42103
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_reclaim_bgs_work() function in fs/btrfs/block-group.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94945
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_free_volume() function in fs/cachefiles/volume.c, within the cachefiles_withdraw_objects() and cachefiles_withdraw_cache() functions in fs/cachefiles/cache.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42064
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dml2_calculate_rq_and_dlg_params() and dml2_verify_det_buffer_configuration() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95027
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42161
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95047
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41052
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the vfio_pci_ioctl_get_pci_hot_reset_info() function in drivers/vfio/pci/vfio_pci_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94981
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41053
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ufshcd_abort_one() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95009
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42069
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the add_adev() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95023
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41021
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fault_error_nolock() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95094
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dfx_regs_uninit(), qm_diff_regs_init() and qm_last_regs_init() functions in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94926
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41065
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94930
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41079
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95041
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42086
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95506
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42234
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the folio_migrate_mapping() function in mm/migrate.c, within the mem_cgroup_migrate() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94979
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41055
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94974
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the netfs_page_mkwrite() function in fs/netfs/buffered_write.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94963
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42101
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94839
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41019
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42245
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the detach_tasks() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95059
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42129
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94958
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42144
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lvts_probe() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94954
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41028
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within drivers/platform/x86/toshiba_acpi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95512
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42248
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ma35d1serial_probe() function in drivers/tty/serial/ma35d1_serial.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95010
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41046
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95096
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42133
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94969
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42074
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the snd_acp_resume() function in sound/soc/amd/acp/acp-pci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95513
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42237
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the cs_dsp_load(), cs_dsp_load_coeff() and regmap_async_complete() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95107
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94982
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94931
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42137
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94943
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95067
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oem-6.8 to the latest version.
Vulnerable software versions
Ubuntu: 24.04
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16
linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16
CPE2.3
http://ubuntu.com/security/notices/USN-7089-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.