Ubuntu update for linux-intel-iotg

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU87191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25744

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU95003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41042

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU96205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42276

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use of uninitialized resource

EUVDB-ID: #VU96300

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43873

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the vhost_vsock_dev_open() and vhost_vsock_set_features() functions in drivers/vhost/vsock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU96285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43869

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU94530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU96210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42318

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper error handling

EUVDB-ID: #VU95022

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41022

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

32) Type Confusion

EUVDB-ID: #VU96639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44944

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU96103

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43834

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer overflow

EUVDB-ID: #VU96871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DATA_START_OFFSET_WORDS() and load_flat_binary() functions in fs/binfmt_flat.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU90640

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26607

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU96528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU96538

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43884

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU94942

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU96124

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43829

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU96140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42287

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU96144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42277

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sprd_iommu_cleanup() function in drivers/iommu/sprd-iommu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU96517

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use of uninitialized resource

EUVDB-ID: #VU96172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42311

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Memory leak

EUVDB-ID: #VU94926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41065

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Division by zero

EUVDB-ID: #VU96545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43889

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU96108

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU96524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu7_update_edc_leakage_table() and smu7_hwmgr_backend_init() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU97496

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46782

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use of uninitialized resource

EUVDB-ID: #VU96869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44983

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_skb_encap_protocol() function in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Use of uninitialized resource

EUVDB-ID: #VU96171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42272

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper error handling

EUVDB-ID: #VU96166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42295

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU96200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43849

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Resource management error

EUVDB-ID: #VU96187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43841

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Input validation error

EUVDB-ID: #VU96193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42310

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU96145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iptable_nat_init() function in net/ipv4/netfilter/iptable_nat.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU96536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Out-of-bounds read

EUVDB-ID: #VU94956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41071

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Use-after-free

EUVDB-ID: #VU94222

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40915

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU96132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52889

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Use-after-free

EUVDB-ID: #VU90210

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use-after-free

EUVDB-ID: #VU90191

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48666

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __scsi_remove_device() function in drivers/scsi/scsi_sysfs.c, within the scsi_alloc_sdev() function in drivers/scsi/scsi_scan.c, within the scsi_mq_setup_tags() function in drivers/scsi/scsi_lib.c, within the scsi_remove_host(), scsi_add_host_with_dma() and scsi_host_dev_release() functions in drivers/scsi/hosts.c. A local user can escalate privileges on the system.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) NULL pointer dereference

EUVDB-ID: #VU94978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Memory leak

EUVDB-ID: #VU90010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26669

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-intel-iotg to the latest version.

Ubuntu: 20.04 - 22.04

linux-image-intel (Ubuntu package): before 5.15.0.1067.73~20.04.1

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1067.67

linux-image-5.15.0-1067-intel-iotg (Ubuntu package): before 5.15.0-1067.73~20.04.1

• cpe:2.3::canonical:linux-image-intel_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-5_15_0-1067-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7144-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

137) Input validation error

EUVDB-ID: #VU96298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpci_scan_bus() and epf_ntb_bind() functions in drivers/pci/endpoint/functions/pci-epf-vntb.c. A local user can perform a denial of service (DoS) attack.