Debian update for linux

1) Race condition

EUVDB-ID: #VU70503

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45888

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition within the drivers/char/xillybus/xillyusb.c in Linux kernel. An attacker with physical access to the system can trigger a use-after-free error during physical removal of a USB device and execute arbitrary code.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU91085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52812

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smu_v13_0_update_pcie_parameters() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU90317

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26952

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU90321

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26954

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU93796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iso_sock_setsockopt() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36244

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU93029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36478

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU90269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36914

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU90268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36915

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use of uninitialized resource

EUVDB-ID: #VU90864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36923

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU92331

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38540

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU92369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38553

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU96306

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43868

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYM_CODE_END() function in arch/riscv/purgatory/entry.S. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU96523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper neutralization of directives in statically saved code (\'static code injection\')

EUVDB-ID: #VU96884

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44949

CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that 2 unrelated 16-byte allocations share a cache line. If 1 of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that is the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU98881

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU99457

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU99807

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50126

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Double free

EUVDB-ID: #VU100190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50215

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvmet_setup_dhgroup() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU100182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50228

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Division by zero

EUVDB-ID: #VU100199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50232

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Double free

EUVDB-ID: #VU100191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50235

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the _cfg80211_unregister_wdev() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use of uninitialized resource

EUVDB-ID: #VU100194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU100207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50242

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ntfs_file_release() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU100206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50243

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ni_find_attr() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use of uninitialized resource

EUVDB-ID: #VU100195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50244

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU100185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU100172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50247

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU100186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50249

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU100198

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50250

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dax_unshare_iter() function in fs/dax.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Incorrect calculation

EUVDB-ID: #VU100202

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-50251

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: Yes

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nft_payload_set_eval() function in net/netfilter/nft_payload.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

48) Memory leak

EUVDB-ID: #VU100163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50252

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_ipip_ol_netdev_change_gre6() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU100180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50255

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper error handling

EUVDB-ID: #VU100192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50256

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU100168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50257

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU100204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50259

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU100169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50261

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macsec_free_netdev() function in drivers/net/macsec.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU100613

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50267

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU100618

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU100628

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50271

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c, within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Infinite loop

EUVDB-ID: #VU100640

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50272

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Double free

EUVDB-ID: #VU100632

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50276

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mse102x_tx_frame_spi() function in drivers/net/ethernet/vertexcom/mse102x.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU100619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50278

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds read

EUVDB-ID: #VU100620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU100614

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU100615

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper error handling

EUVDB-ID: #VU100634

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50284

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU100616

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50286

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_expire_session() and ksmbd_sessions_deregister() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU100625

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50292

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Resource management error

EUVDB-ID: #VU100646

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50295

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU100626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50296

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Input validation error

EUVDB-ID: #VU100631

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

79) Improper locking

EUVDB-ID: #VU100718

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53042

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Input validation error

EUVDB-ID: #VU100747

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53043

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU100722

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53054

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_STATIC_KEY_ARRAY_FALSE() and cgroup_bpf_release_fn() functions in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Infinite loop

EUVDB-ID: #VU100734

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53055

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU100707

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper error handling

EUVDB-ID: #VU100729

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53058

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU100713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Resource management error

EUVDB-ID: #VU100737

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53070

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dwc3_suspend_common() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Resource management error

EUVDB-ID: #VU100739

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amd_pmc_s2d_init() function in drivers/platform/x86/amd/pmc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Integer overflow

EUVDB-ID: #VU100732

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53081

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the calc_pll() function in drivers/media/i2c/ar0521.c. A local user can execute arbitrary code.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU100749

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53082

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU100705

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53088

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU100834

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53093

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_add_ns_head_cdev(), nvme_mpath_alloc_disk(), nvme_mpath_set_live(), nvme_mpath_shutdown_disk() and nvme_mpath_remove_disk() functions in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.119-1.

Debian Linux: All versions

linux (Debian package): before 6.1.119-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00233.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.