Ubuntu update for linux-gkeop



Risk: Low
Patch available: YES
Number of vulnerabilities: 608
CVE-ID: CVE-2024-25741
CVE-2024-43911
CVE-2024-46762
CVE-2024-46794
CVE-2024-43843
CVE-2024-42229
CVE-2024-43888
CVE-2024-44978
CVE-2024-46693
CVE-2024-46695
CVE-2024-42290
CVE-2024-42067
CVE-2024-45012
CVE-2024-42316
CVE-2024-47665
CVE-2024-41052
CVE-2024-42074
CVE-2024-41058
CVE-2024-44975
CVE-2024-46709
CVE-2024-46871
CVE-2024-42090
CVE-2024-42296
CVE-2024-42096
CVE-2024-42146
CVE-2024-46855
CVE-2024-39487
CVE-2024-43825
CVE-2024-42066
CVE-2024-42126
CVE-2024-41022
CVE-2024-41025
CVE-2023-52888
CVE-2024-46702
CVE-2024-42269
CVE-2024-41082
CVE-2024-42284
CVE-2024-42227
CVE-2024-41017
CVE-2024-42250
CVE-2024-46778
CVE-2024-47661
CVE-2024-46727
CVE-2024-46845
CVE-2024-44953
CVE-2024-47659
CVE-2024-42137
CVE-2024-42245
CVE-2024-41096
CVE-2024-46829
CVE-2024-41053
CVE-2024-46782
CVE-2024-44972
CVE-2024-41095
CVE-2024-42239
CVE-2024-42127
CVE-2024-42292
CVE-2024-46752
CVE-2024-46679
CVE-2024-41076
CVE-2024-46784
CVE-2024-46786
CVE-2024-46678
CVE-2024-44957
CVE-2024-46755
CVE-2024-47660
CVE-2024-41067
CVE-2024-46838
CVE-2024-43879
CVE-2024-45007
CVE-2024-45025
CVE-2024-45001
CVE-2024-41009
CVE-2024-41051
CVE-2024-46836
CVE-2024-49984
CVE-2024-45028
CVE-2024-43871
CVE-2024-46783
CVE-2024-42272
CVE-2024-42087
CVE-2024-46785
CVE-2024-42276
CVE-2024-47658
CVE-2024-46761
CVE-2024-46715
CVE-2024-46676
CVE-2024-43824
CVE-2024-42100
CVE-2024-46745
CVE-2024-41084
CVE-2024-41086
CVE-2024-45015
CVE-2024-46797
CVE-2024-42160
CVE-2024-46706
CVE-2024-46803
CVE-2024-46708
CVE-2024-47669
CVE-2024-45009
CVE-2024-41021
CVE-2024-42159
CVE-2024-42321
CVE-2024-46868
CVE-2024-41078
CVE-2024-42303
CVE-2024-45027
CVE-2024-42309
CVE-2024-43849
CVE-2024-43907
CVE-2024-43899
CVE-2024-43823
CVE-2024-42232
CVE-2024-44937
CVE-2024-41046
CVE-2024-42237
CVE-2024-42063
CVE-2024-42065
CVE-2024-42154
CVE-2024-42259
CVE-2024-46698
CVE-2024-46741
CVE-2024-45020
CVE-2024-42151
CVE-2024-41073
CVE-2024-46719
CVE-2024-42295
CVE-2024-46859
CVE-2024-41035
CVE-2024-46751
CVE-2024-47667
CVE-2024-46728
CVE-2024-46824
CVE-2024-42121
CVE-2024-46776
CVE-2024-46768
CVE-2024-43908
CVE-2024-43900
CVE-2024-46707
CVE-2024-44934
CVE-2024-41062
CVE-2024-42304
CVE-2024-42312
CVE-2024-42157
CVE-2024-41092
CVE-2024-41041
CVE-2024-43832
CVE-2024-41039
CVE-2024-44962
CVE-2024-46858
CVE-2024-46847
CVE-2024-43856
CVE-2024-41060
CVE-2024-45010
CVE-2024-41044
CVE-2024-44942
CVE-2024-42307
CVE-2024-44984
CVE-2024-41075
CVE-2024-43817
CVE-2024-46791
CVE-2024-46853
CVE-2024-42301
CVE-2024-44993
CVE-2024-41094
CVE-2024-27022
CVE-2024-41088
CVE-2024-43883
CVE-2024-41087
CVE-2024-46780
CVE-2024-42070
CVE-2024-44965
CVE-2024-46823
CVE-2024-46737
CVE-2024-44982
CVE-2024-46697
CVE-2024-45021
CVE-2024-44987
CVE-2024-41072
CVE-2024-41063
CVE-2024-46757
CVE-2024-46831
CVE-2024-44966
CVE-2024-42322
CVE-2024-42231
CVE-2024-46717
CVE-2024-41065
CVE-2024-44969
CVE-2023-52887
CVE-2024-42105
CVE-2024-44971
CVE-2024-46798
CVE-2024-42262
CVE-2024-44938
CVE-2024-42088
CVE-2024-44970
CVE-2024-43876
CVE-2024-46800
CVE-2024-42086
CVE-2024-43826
CVE-2024-46729
CVE-2024-46747
CVE-2024-46691
CVE-2024-46723
CVE-2024-41018
CVE-2024-42258
CVE-2024-41081
CVE-2024-41049
CVE-2024-43837
CVE-2024-45008
CVE-2024-41047
CVE-2024-41019
CVE-2024-42152
CVE-2024-41090
CVE-2024-46716
CVE-2024-42104
CVE-2024-46804
CVE-2024-43852
CVE-2024-42129
CVE-2024-46870
CVE-2024-41093
CVE-2024-45011
CVE-2024-41064
CVE-2024-46722
CVE-2024-42286
CVE-2024-45026
CVE-2024-46818
CVE-2024-42281
CVE-2024-43854
CVE-2024-41037
CVE-2024-44946
CVE-2024-41012
CVE-2024-41098
CVE-2024-42263
CVE-2024-42095
CVE-2024-46756
CVE-2024-43913
CVE-2024-46822
CVE-2024-44944
CVE-2024-42156
CVE-2024-42073
CVE-2024-42093
CVE-2024-44931
CVE-2024-42223
CVE-2024-42264
CVE-2024-42278
CVE-2024-46759
CVE-2024-46826
CVE-2024-43828
CVE-2024-42318
CVE-2024-42240
CVE-2024-45000
CVE-2024-43909
CVE-2024-46792
CVE-2024-42109
CVE-2024-43867
CVE-2024-42130
CVE-2024-42244
CVE-2024-44977
CVE-2024-46774
CVE-2024-41030
CVE-2024-42310
CVE-2024-42138
CVE-2024-42317
CVE-2024-42224
CVE-2024-46694
CVE-2024-46815
CVE-2024-46677
CVE-2024-46763
CVE-2024-46860
CVE-2024-46767
CVE-2024-42111
CVE-2024-41020
CVE-2024-46726
CVE-2024-42117
CVE-2024-43831
CVE-2024-42285
CVE-2024-46842
CVE-2024-43857
CVE-2024-41031
CVE-2024-43834
CVE-2024-42135
CVE-2024-42241
CVE-2024-46846
CVE-2024-44988
CVE-2024-43892
CVE-2024-44991
CVE-2024-46806
CVE-2024-41015
CVE-2024-43906
CVE-2024-42238
CVE-2024-46779
CVE-2024-41010
CVE-2024-41068
CVE-2024-46730
CVE-2024-46827
CVE-2024-42120
CVE-2024-41059
CVE-2024-46850
CVE-2023-52889
CVE-2024-45017
CVE-2024-45003
CVE-2024-46844
CVE-2024-46816
CVE-2024-46811
CVE-2024-41023
CVE-2024-44948
CVE-2024-46753
CVE-2024-45002
CVE-2024-42251
CVE-2024-46713
CVE-2024-42273
CVE-2024-46733
CVE-2024-46739
CVE-2024-42108
CVE-2024-41085
CVE-2024-41033
CVE-2024-42298
CVE-2024-46835
CVE-2024-39472
CVE-2024-47663
CVE-2024-43859
CVE-2024-43820
CVE-2024-42118
CVE-2024-41036
CVE-2024-47683
CVE-2024-42161
CVE-2024-42235
CVE-2024-43861
CVE-2024-43863
CVE-2024-47668
CVE-2024-46685
CVE-2024-43864
CVE-2024-46749
CVE-2024-44983
CVE-2024-46841
CVE-2024-42082
CVE-2024-43818
CVE-2024-41071
CVE-2024-45006
CVE-2024-42080
CVE-2024-46825
CVE-2024-46687
CVE-2024-44959
CVE-2024-43835
CVE-2024-43891
CVE-2024-46851
CVE-2024-42248
CVE-2024-42103
CVE-2024-42079
CVE-2024-42068
CVE-2024-47664
CVE-2024-46854
CVE-2024-44973
CVE-2024-42077
CVE-2024-46821
CVE-2024-43886
CVE-2024-41089
CVE-2024-43850
CVE-2024-44995
CVE-2024-46809
CVE-2024-42084
CVE-2024-46758
CVE-2024-47662
CVE-2024-43839
CVE-2024-46738
CVE-2024-41034
CVE-2024-42228
CVE-2024-42147
CVE-2024-43855
CVE-2024-41032
CVE-2024-46819
CVE-2024-44989
CVE-2024-42265
CVE-2024-42110
CVE-2024-42155
CVE-2024-45005
CVE-2024-45016
CVE-2024-42141
CVE-2024-43821
CVE-2024-42299
CVE-2024-44950
CVE-2024-42279
CVE-2024-44943
CVE-2024-43904
CVE-2024-42268
CVE-2024-42089
CVE-2024-46807
CVE-2024-44996
CVE-2024-42069
CVE-2024-46672
CVE-2024-44940
CVE-2024-42270
CVE-2024-46735
CVE-2024-42319
CVE-2024-46754
CVE-2024-46861
CVE-2024-42277
CVE-2024-41054
CVE-2024-42131
CVE-2024-41056
CVE-2024-44963
CVE-2024-42267
CVE-2024-42283
CVE-2024-42320
CVE-2024-46740
CVE-2024-46787
CVE-2024-43895
CVE-2024-43881
CVE-2024-44961
CVE-2024-43910
CVE-2024-43875
CVE-2024-42289
CVE-2024-43853
CVE-2024-42315
CVE-2024-43884
CVE-2024-46867
CVE-2024-43912
CVE-2024-41007
CVE-2024-46743
CVE-2024-46675
CVE-2024-43877
CVE-2024-39486
CVE-2024-41050
CVE-2024-43858
CVE-2024-45018
CVE-2024-46744
CVE-2024-46750
CVE-2024-46840
CVE-2024-42150
CVE-2024-41028
CVE-2024-42091
CVE-2024-43894
CVE-2024-43869
CVE-2024-42132
CVE-2024-46777
CVE-2024-42106
CVE-2024-46848
CVE-2024-41038
CVE-2024-46711
CVE-2024-43833
CVE-2024-46710
CVE-2024-46812
CVE-2024-42311
CVE-2024-46701
CVE-2024-46683
CVE-2024-45029
CVE-2024-46830
CVE-2024-46857
CVE-2024-44979
CVE-2024-44999
CVE-2024-44985
CVE-2024-46773
CVE-2024-45022
CVE-2024-46772
CVE-2024-44960
CVE-2024-42243
CVE-2024-42158
CVE-2024-43819
CVE-2024-45030
CVE-2024-42085
CVE-2024-42274
CVE-2024-44986
CVE-2024-41048
CVE-2024-42098
CVE-2024-46680
CVE-2023-52918
CVE-2024-46673
CVE-2024-46834
CVE-2024-42288
CVE-2024-44998
CVE-2024-42113
CVE-2024-42094
CVE-2024-42225
CVE-2024-42112
CVE-2024-42153
CVE-2024-43880
CVE-2024-43905
CVE-2024-43902
CVE-2024-46681
CVE-2024-42236
CVE-2024-42294
CVE-2024-46793
CVE-2024-43882
CVE-2024-44947
CVE-2024-46849
CVE-2024-44954
CVE-2024-46852
CVE-2024-41070
CVE-2024-41069
CVE-2024-46864
CVE-2024-46703
CVE-2024-43829
CVE-2024-46802
CVE-2024-42101
CVE-2024-44990
CVE-2024-43830
CVE-2024-41029
CVE-2024-43866
CVE-2024-43889
CVE-2024-42230
CVE-2024-46692
CVE-2024-42133
CVE-2024-45013
CVE-2024-42076
CVE-2024-46810
CVE-2024-42128
CVE-2024-46718
CVE-2024-46814
CVE-2024-43841
CVE-2024-43873
CVE-2024-42092
CVE-2024-41074
CVE-2024-41083
CVE-2024-46731
CVE-2024-43842
CVE-2024-41077
CVE-2024-46720
CVE-2024-46795
CVE-2024-46813
CVE-2024-46805
CVE-2024-42142
CVE-2024-42291
CVE-2024-43846
CVE-2024-41057
CVE-2024-43870
CVE-2024-44980
CVE-2024-46866
CVE-2024-43827
CVE-2024-43840
CVE-2024-42280
CVE-2024-42261
CVE-2024-42246
CVE-2024-42115
CVE-2024-46686
CVE-2024-43860
CVE-2024-46808
CVE-2024-42149
CVE-2024-46828
CVE-2024-44935
CVE-2024-43847
CVE-2024-44967
CVE-2024-46817
CVE-2024-46721
CVE-2024-42305
CVE-2024-46766
CVE-2024-43914
CVE-2024-46760
CVE-2024-41061
CVE-2024-41091
CVE-2024-43890
CVE-2024-42314
CVE-2024-42064
CVE-2024-42302
CVE-2024-43887
CVE-2024-46832
CVE-2024-46765
CVE-2024-46770
CVE-2024-41080
CVE-2024-42253
CVE-2024-44941
CVE-2024-42306
CVE-2024-41027
CVE-2024-46689
CVE-2024-46781
CVE-2024-42247
CVE-2024-41066
CVE-2024-42287
CVE-2024-41097
CVE-2024-44939
CVE-2024-45019
CVE-2024-47674
CVE-2024-46705
CVE-2024-42119
CVE-2024-46725
CVE-2024-46746
CVE-2024-46732
CVE-2024-41042
CVE-2024-44958
CVE-2024-42114
CVE-2024-43893
CVE-2024-47666
CVE-2024-46843
CVE-2024-42252
CVE-2024-42102
CVE-2024-42136
CVE-2024-41045
CVE-2024-42260
CVE-2024-46771
CVE-2024-42124
CVE-2024-42297
CVE-2024-42271
CVE-2024-43845
CVE-2024-46775
CVE-2024-41079
CVE-2024-43868
CVE-2024-42140
CVE-2024-42313
CVE-2024-42145
CVE-2024-46724
CVE-2024-46788
CVE-2024-42234
CVE-2024-42144
CVE-2024-44974
CVE-2024-42097
CVE-2024-46714
CVE-2024-41055
CVE-2024-44956
CWE-ID: CWE-399
CWE-476
CWE-667
CWE-401
CWE-125
CWE-119
CWE-416
CWE-682
CWE-388
CWE-191
CWE-20
CWE-665
CWE-190
CWE-617
CWE-908
CWE-369
CWE-835
CWE-415
CWE-843
CWE-193
CWE-362
CWE-96
CWE-269
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #231 is available.
Public exploit code for vulnerability #485 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-gkeop-6.8 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1002-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 608 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU94364

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the printer_write() function in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU96523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU97538

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46762

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), irqfd_shutdown() and privcmd_irqfd_assign() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU97489

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU96112

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43843

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __arch_prepare_bpf_trampoline() and arch_prepare_bpf_trampoline() functions in arch/riscv/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU95078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42229

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c and within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU96513

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43888

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_lru_from_memcg_idx() and EXPORT_SYMBOL_GPL() functions in mm/list_lru.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU96835

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44978

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_sched_job_destroy() function in drivers/gpu/drm/xe/xe_sched_job.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU97262

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46693

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pmic_glink_ucsi_probe() function in drivers/usb/typec/ucsi/ucsi_glink.c, within the pmic_glink_altmode_probe() function in drivers/soc/qcom/pmic_glink_altmode.c, within the _devm_pmic_glink_release_client() and devm_pmic_glink_register_client() functions in drivers/soc/qcom/pmic_glink.c, and within the qcom_battmgr_probe() function in drivers/power/supply/qcom_battmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c and within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Incorrect calculation

EUVDB-ID: #VU95077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42067

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, and within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper error handling

EUVDB-ID: #VU97181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45012

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nvkm_falcon_fw_boot() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c and within the nvkm_firmware_dtor() and nvkm_firmware_ctor() functions in drivers/gpu/drm/nouveau/nvkm/core/firmware.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer underflow

EUVDB-ID: #VU96174

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42316

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the folio_rotate_reclaimable() function in mm/vmscan.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Initialization

EUVDB-ID: #VU95047

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41052

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the vfio_pci_ioctl_get_pci_hot_reset_info() function in drivers/vfio/pci/vfio_pci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU94969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42074

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_acp_resume() function in sound/soc/amd/acp/acp-pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU94944

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41058

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_withdraw_volumes() function in fs/cachefiles/cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU96872

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44975

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the update_parent_effective_cpumask() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU97285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46709

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_stdu_bo_cpu_commit() and vmw_stdu_bo_populate_update_cpu() functions in drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c, and within the vmw_bo_cpu_blit_line() and vmw_bo_cpu_blit() functions in drivers/gpu/drm/vmwgfx/vmwgfx_blit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU94988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU96154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42296

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_convert_inline_inode() function in fs/f2fs/inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU94987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU95065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42146

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the p2p_enabled() and dma_buf_run_device() functions in drivers/gpu/drm/xe/tests/xe_dma_buf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU96111

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43825

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iio_gts_build_avail_time_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU95038

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42066

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the xe_ttm_vram_mgr_new() function in drivers/gpu/drm/xe/xe_ttm_vram_mgr.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42126

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper error handling

EUVDB-ID: #VU95022

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41022

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU94925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41025

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fastrpc_init_create_static_process() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Resource management error

EUVDB-ID: #VU95057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52888

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c, and within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU96146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip6table_nat_init() function in net/ipv6/netfilter/ip6table_nat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU95073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41082

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU95088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42227

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dml_core_mode_programming() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU95509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42250

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_daemon_poll() function in fs/cachefiles/daemon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU97519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46778

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the CalculateSwathAndDETConfiguration() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU98371

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47661

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, and within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper error handling

EUVDB-ID: #VU97549

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46727

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU97780

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46845

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU96858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44953

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_update_rtc() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU94931

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42137

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU95508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the detach_tasks() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU94941

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41096

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU94981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41053

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ufshcd_abort_one() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU97496

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46782

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c and within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Memory leak

EUVDB-ID: #VU96833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44972

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the extent_write_locked_range() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU94966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU95507

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42239

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __bpf_async_init(), drop_prog_refcnt(), BPF_CALL_1() and hrtimer_cancel() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper error handling

EUVDB-ID: #VU95014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42127

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, and within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c and within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory leak

EUVDB-ID: #VU94928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU97547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU97497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU97266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU96862

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44957

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_MUTEX(), irqfd_wakeup(), irqfd_poll_func(), privcmd_irqfd_assign(), privcmd_irqfd_deassign() and privcmd_irqfd_init() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c and within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Reachable assertion

EUVDB-ID: #VU95007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41067

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the scrub_submit_extent_sector_read() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU97806

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46838

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Input validation error

EUVDB-ID: #VU96888

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU96874

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Input validation error

EUVDB-ID: #VU94508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU94946

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41051

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_clean_object() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Input validation error

EUVDB-ID: #VU97837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46836

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ast_udc_getstatus() function in drivers/usb/gadget/udc/aspeed_udc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Memory leak

EUVDB-ID: #VU98855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49984

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use of uninitialized resource

EUVDB-ID: #VU96171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42272

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Resource management error

EUVDB-ID: #VU95066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42087

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU97518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46785

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the eventfs_remove_rec() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Input validation error

EUVDB-ID: #VU96205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42276

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU98369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47658

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU97531

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, and within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU96126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43824

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Infinite loop

EUVDB-ID: #VU95044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42100

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the sunxi_ccu_probe() function in drivers/clk/sunxi-ng/ccu_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU94973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41084

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __cxl_dpa_to_region() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Input validation error

EUVDB-ID: #VU95002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41086

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the downgrade_entry_next_c() and bch2_sb_downgrade_validate() functions in fs/bcachefs/sb-downgrade.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU97171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45015

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dpu_encoder_virt_atomic_mode_set() and dpu_encoder_virt_atomic_enable() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU97515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Input validation error

EUVDB-ID: #VU94999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42160

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU97281

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46706

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the lpuart_probe() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU97792

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46803

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the debug_event_write_work_handler() and kfd_dbg_trap_disable() functions in drivers/gpu/drm/amd/amdkfd/kfd_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Input validation error

EUVDB-ID: #VU97288

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46708

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the PINGROUP() function in drivers/pinctrl/qcom/pinctrl-x1e80100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper error handling

EUVDB-ID: #VU95023

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41021

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fault_error_nolock() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU95089

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42159

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mpi3mr_sas_port_add() function in drivers/scsi/mpi3mr/mpi3mr_transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Resource management error

EUVDB-ID: #VU96183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42321

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __skb_flow_dissect() function in net/core/flow_dissector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU97810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46868

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qcuefi_set_reference() function in drivers/firmware/qcom/qcom_qseecom_uefisecapp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Input validation error

EUVDB-ID: #VU96208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42303

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pxp_probe() function in drivers/media/platform/nxp/imx-pxp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU97172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45027

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xhci_mem_cleanup() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Input validation error

EUVDB-ID: #VU96200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43849

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, and within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU96532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43899

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU96127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43823

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) NULL pointer dereference

EUVDB-ID: #VU96521

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44937

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the notify_handler() and intel_vbtn_probe() functions in drivers/platform/x86/intel/vbtn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Double free

EUVDB-ID: #VU95010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41046

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Infinite loop

EUVDB-ID: #VU95513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42237

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the cs_dsp_load(), cs_dsp_load_coeff() and regmap_async_complete() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use of uninitialized resource

EUVDB-ID: #VU95030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42063

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the PROG_NAME() and PROG_NAME_ARGS() functions in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU95104

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_ttm_stolen_mgr_init() function in drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Input validation error

EUVDB-ID: #VU95093

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) NULL pointer dereference

EUVDB-ID: #VU97263

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46698

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the aperture_remove_conflicting_devices(), EXPORT_SYMBOL() and aperture_remove_conflicting_pci_devices() functions in drivers/video/aperture.c, within the of_platform_default_populate_init() function in drivers/of/platform.c, and within the DEFINE_MUTEX(), sysfb_unregister() and sysfb_pci_dev_is_enabled() functions in drivers/firmware/sysfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Double free

EUVDB-ID: #VU97542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46741

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fastrpc_req_mmap() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Out-of-bounds read

EUVDB-ID: #VU97170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45020

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU94957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42151

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bpf_dummy_unreg() and bpf_dummy_test_sleepable() functions in net/bpf/bpf_dummy_struct_ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper error handling

EUVDB-ID: #VU96166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42295

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c and within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU95109

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Buffer overflow

EUVDB-ID: #VU97558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) NULL pointer dereference

EUVDB-ID: #VU97799

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46824

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iommufd_hwpt_nested_alloc() function in drivers/iommu/iommufd/hw_pagetable.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Input validation error

EUVDB-ID: #VU95098

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42121

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Input validation error

EUVDB-ID: #VU97569

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper error handling

EUVDB-ID: #VU97545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46768

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the hp_wmi_notify() function in drivers/hwmon/hp-wmi-sensors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) NULL pointer dereference

EUVDB-ID: #VU96525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU96515

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU96517

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) NULL pointer dereference

EUVDB-ID: #VU94977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Input validation error

EUVDB-ID: #VU95090

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU94938

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41092

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Resource management error

EUVDB-ID: #VU95069

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41041

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Improper locking

EUVDB-ID: #VU96149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_folio_secure() and folio_wait_writeback() functions in arch/s390/kernel/uv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Buffer overflow

EUVDB-ID: #VU95042

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41039

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper error handling

EUVDB-ID: #VU96868

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44962

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ps_cancel_timer() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Out-of-bounds read

EUVDB-ID: #VU97790

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46847

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the new_vmap_block() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) NULL pointer dereference

EUVDB-ID: #VU94978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Resource management error

EUVDB-ID: #VU97192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Input validation error

EUVDB-ID: #VU95108

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Input validation error

EUVDB-ID: #VU96552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44942

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) NULL pointer dereference

EUVDB-ID: #VU96137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the init_cifs(), destroy_mids() and destroy_workqueue() functions in fs/smb/client/cifsfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Resource management error

EUVDB-ID: #VU96873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44984

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Input validation error

EUVDB-ID: #VU95004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Out-of-bounds read

EUVDB-ID: #VU96846

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44993

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the v3d_csd_job_run() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Buffer overflow

EUVDB-ID: #VU95056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41094

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drm_fbdev_dma_helper_fb_probe() function in drivers/gpu/drm/drm_fbdev_dma.c, and within the drm_fb_helper_alloc_info() and __drm_fb_helper_initial_config_and_unlock() functions in drivers/gpu/drm/drm_fb_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Improper locking

EUVDB-ID: #VU92030

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27022

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the dup_mmap() function in kernel/fork.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Improper locking

EUVDB-ID: #VU94989

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41088

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, and within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Type Confusion

EUVDB-ID: #VU94923

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42070

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c and within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filter to trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Buffer overflow

EUVDB-ID: #VU97819

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46823

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DEFINE_TEST_ALLOC() and overflow_allocation_test() functions in lib/overflow_kunit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Use of uninitialized resource

EUVDB-ID: #VU97274

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46697

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nfsd4_encode_fattr4() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Input validation error

EUVDB-ID: #VU95106

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41072

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Use-after-free

EUVDB-ID: #VU97778

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46831

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Buffer overflow

EUVDB-ID: #VU96871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DATA_START_OFFSET_WORDS() and load_flat_binary() functions in fs/binfmt_flat.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Resource management error

EUVDB-ID: #VU95061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42231

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the calc_available_free_space() function in fs/btrfs/space-info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Input validation error

EUVDB-ID: #VU97571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Memory leak

EUVDB-ID: #VU94926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41065

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Improper error handling

EUVDB-ID: #VU95018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52887

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Use-after-free

EUVDB-ID: #VU94936

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Memory leak

EUVDB-ID: #VU96100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42262

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c and within the v3d_timestamp_query_info_free() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Out-of-bounds read

EUVDB-ID: #VU96550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44938

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Out-of-bounds read

EUVDB-ID: #VU94953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42088

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Buffer overflow

EUVDB-ID: #VU96876

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44970

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Resource management error

EUVDB-ID: #VU96303

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43876

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the rcar_pcie_wakeup() function in drivers/pci/controller/pcie-rcar-host.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Buffer overflow

EUVDB-ID: #VU95041

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42086

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Improper locking

EUVDB-ID: #VU96150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43826

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs_wb_folio_cancel() and nfs_wb_folio() functions in fs/nfs/write.c, within the nfs_read_folio() function in fs/nfs/read.c, and within the nfs_invalidate_folio() and nfs_launder_folio() functions in fs/nfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Infinite loop

EUVDB-ID: #VU97556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46729

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the dccg35_get_other_enabled_symclk_fe() function in drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) NULL pointer dereference

EUVDB-ID: #VU97261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46691

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pmic_glink_ucsi_notify(), pmic_glink_ucsi_callback() and pmic_glink_ucsi_probe() functions in drivers/usb/typec/ucsi/ucsi_glink.c, and within the EXPORT_SYMBOL_GPL() function in drivers/soc/qcom/pmic_glink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Out-of-bounds read

EUVDB-ID: #VU94838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41018

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the log_replay() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Input validation error

EUVDB-ID: #VU95923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42258

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __thp_get_unmapped_area() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Resource management error

EUVDB-ID: #VU95051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41081

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) NULL pointer dereference

EUVDB-ID: #VU96121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43837

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/bpf_verifier.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Improper locking

EUVDB-ID: #VU94994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Out-of-bounds read

EUVDB-ID: #VU94839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41019

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Memory leak

EUVDB-ID: #VU94922

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42152

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Input validation error

EUVDB-ID: #VU97572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Use-after-free

EUVDB-ID: #VU94937

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42104

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Off-by-one

EUVDB-ID: #VU96173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the ltc2991_is_visible() function in drivers/hwmon/ltc2991.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Resource management error

EUVDB-ID: #VU95059

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42129

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Resource management error

EUVDB-ID: #VU98374

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46870

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Improper error handling

EUVDB-ID: #VU95019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41093

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Improper locking

EUVDB-ID: #VU94991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41064

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, and within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Memory leak

EUVDB-ID: #VU96099

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) NULL pointer dereference

EUVDB-ID: #VU94975

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41037

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hda_dai_suspend() function in sound/soc/sof/intel/hda-dai.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

232) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41098

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Memory leak

EUVDB-ID: #VU96101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42263

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_timestamp_query_params(), v3d_get_cpu_reset_timestamp_params() and v3d_get_cpu_copy_query_results_params() functions in drivers/gpu/drm/v3d/v3d_submit.c, and within the v3d_sched_job_free() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Input validation error

EUVDB-ID: #VU95101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Memory leak

EUVDB-ID: #VU96511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43913

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the devm_apple_nvme_mempool_destroy() and apple_nvme_probe() functions in drivers/nvme/host/apple.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Type Confusion

EUVDB-ID: #VU96639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44944

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the ctnetlink_del_expect() function in net/netfilter/nf_conntrack_netlink.c. A local user can trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Input validation error

EUVDB-ID: #VU95091

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Use-after-free

EUVDB-ID: #VU94940

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_sb_sr_occ_query_cb(), mlxsw_reg_sbsr_pack() and mlxsw_sp_sb_occ_max_clear() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Buffer overflow

EUVDB-ID: #VU95039

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42093

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Integer overflow

EUVDB-ID: #VU95037

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Memory leak

EUVDB-ID: #VU96102

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42264

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) NULL pointer dereference

EUVDB-ID: #VU96143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42278

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tasdev_load_calibrated_data() function in sound/soc/codecs/tas2781-fmwlib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Input validation error

EUVDB-ID: #VU96210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42318

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) NULL pointer dereference

EUVDB-ID: #VU96850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) NULL pointer dereference

EUVDB-ID: #VU96524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu7_update_edc_leakage_table() and smu7_hwmgr_backend_init() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Memory leak

EUVDB-ID: #VU97488

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46792

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the handle_misaligned_load() and handle_misaligned_store() functions in arch/riscv/kernel/traps_misaligned.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) Use-after-free

EUVDB-ID: #VU94934

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42109

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) Integer underflow

EUVDB-ID: #VU96301

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43867

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) Incorrect calculation

EUVDB-ID: #VU95075

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42130

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Input validation error

EUVDB-ID: #VU95510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Out-of-bounds read

EUVDB-ID: #VU96844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ta_if_load_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) Buffer overflow

EUVDB-ID: #VU97563

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46774

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Improper error handling

EUVDB-ID: #VU95021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41030

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42310

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) NULL pointer dereference

EUVDB-ID: #VU94959

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42138

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vfree() function in drivers/net/ethernet/mellanox/mlxsw/core_linecards.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) Reachable assertion

EUVDB-ID: #VU96161

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42317

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __thp_vma_allowable_orders() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) Improper error handling

EUVDB-ID: #VU95012

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42224

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) Improper error handling

EUVDB-ID: #VU97273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46694

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_plane_helper_prepare_fb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) NULL pointer dereference

EUVDB-ID: #VU97523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46763

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) NULL pointer dereference

EUVDB-ID: #VU97802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7921_ipv6_addr_change() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Incorrect calculation

EUVDB-ID: #VU97562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46767

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Out-of-bounds read

EUVDB-ID: #VU94950

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42111

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the btrfs_qgroup_check_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Improper locking

EUVDB-ID: #VU94996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41020

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) Buffer overflow

EUVDB-ID: #VU97557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) Reachable assertion

EUVDB-ID: #VU95005

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42117

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the find_disp_cfg_idx_by_plane_id() and find_disp_cfg_idx_by_stream_id() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_dc_resource_mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) Input validation error

EUVDB-ID: #VU96196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) NULL pointer dereference

EUVDB-ID: #VU96120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the is_end_zone_blkaddr() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Resource management error

EUVDB-ID: #VU95070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Use-after-free

EUVDB-ID: #VU96103

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43834

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Input validation error

EUVDB-ID: #VU95095

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42135

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhost_task_fn(), EXPORT_SYMBOL_GPL() and vhost_task_create() functions in kernel/vhost_task.c, and within the __vhost_worker_flush(), vhost_vq_reset(), vhost_worker(), vhost_worker_create(), __vhost_vq_attach_worker() and vhost_free_worker() functions in drivers/vhost/vhost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) Resource management error

EUVDB-ID: #VU95517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42241

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the shmem_confirm_swap() and shmem_is_huge() functions in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) Improper error handling

EUVDB-ID: #VU97815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46846

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Out-of-bounds read

EUVDB-ID: #VU96845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44988

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Use-after-free

EUVDB-ID: #VU96840

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) Resource management error

EUVDB-ID: #VU97828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46806

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) NULL pointer dereference

EUVDB-ID: #VU96527

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ta_if_invoke_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) Infinite loop

EUVDB-ID: #VU95514

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42238

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the cs_dsp_load() and cs_dsp_load_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) Memory leak

EUVDB-ID: #VU97486

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46779

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the to_pvr_vm_gpuva(), pvr_vm_gpuva_unmap() and pvr_vm_gpuva_remap() functions in drivers/gpu/drm/imagination/pvr_vm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Use-after-free

EUVDB-ID: #VU94507

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41010

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) Resource management error

EUVDB-ID: #VU97559

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46730

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the acquire_otg_master_pipe_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) Input validation error

EUVDB-ID: #VU97811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46827

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) Race condition

EUVDB-ID: #VU97823

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46850

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dcn35_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) NULL pointer dereference

EUVDB-ID: #VU96132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52889

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Improper locking

EUVDB-ID: #VU97177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45017

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipsec_fs_roce_tx_mpv_create() and ipsec_fs_roce_rx_mpv_create() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Incorrect calculation

EUVDB-ID: #VU97833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) Reachable assertion

EUVDB-ID: #VU97812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46811

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, and the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) Input validation error

EUVDB-ID: #VU96889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) NULL pointer dereference

EUVDB-ID: #VU96851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Improper locking

EUVDB-ID: #VU95560

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42251

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the page_folio() function in mm/gup.c, the filemap_get_folios_contig(), filemap_get_read_batch() and next_uptodate_folio() functions in mm/filemap.c, the cifs_extend_writeback() function in fs/smb/client/file.c, and the afs_extend_writeback() function in fs/afs/write.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, and within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) Improper error handling

EUVDB-ID: #VU96168

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42273

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __get_segment_type_6() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) Use-after-free

EUVDB-ID: #VU94935

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42108

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rswitch_tx_free() function in drivers/net/ethernet/renesas/rswitch.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) NULL pointer dereference

EUVDB-ID: #VU94972

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cxl_mem_probe() function in drivers/cxl/mem.c, the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c, and the match_nvdimm_bridge() and cxlmd_release_nvdimm() functions in drivers/cxl/core/pmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Input validation error

EUVDB-ID: #VU95110

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the workingset_eviction(), workingset_test_recent() and workingset_refault() functions in mm/workingset.c, and within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

318) NULL pointer dereference

EUVDB-ID: #VU96138

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qmc_audio_dai_parse() function in sound/soc/fsl/fsl_qmc_audio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

319) Resource management error

EUVDB-ID: #VU97831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

320) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

321) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

322) NULL pointer dereference

EUVDB-ID: #VU96119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43859

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the f2fs_set_inode_flags() function in fs/f2fs/inode.c, and within the f2fs_file_mmap() and f2fs_file_open() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

323) Resource management error

EUVDB-ID: #VU96188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the raid_resume() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

324) Reachable assertion

EUVDB-ID: #VU95006

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42118

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the resource_stream_to_stream_idx() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

325) Improper locking

EUVDB-ID: #VU94995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41036

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ks8851_tx_work() function in drivers/net/ethernet/micrel/ks8851_spi.c and the ks8851_irq() and ks8851_set_rx_mode() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

326) NULL pointer dereference

EUVDB-ID: #VU98979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47683

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the is_dsc_need_re_compute() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

327) Use of uninitialized resource

EUVDB-ID: #VU95027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42161

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource in tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

328) NULL pointer dereference

EUVDB-ID: #VU95505

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42235

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the crst_table_alloc() and base_crst_alloc() functions in arch/s390/mm/pgalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

329) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

330) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

331) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

332) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

333) Memory leak

EUVDB-ID: #VU96289

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43864

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlx5_tc_ct_entry_destroy_mod_hdr() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

334) NULL pointer dereference

EUVDB-ID: #VU97526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btnxpuart_close() and btnxpuart_flush() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

335) Use of uninitialized resource

EUVDB-ID: #VU96869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44983

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nf_flow_skb_encap_protocol() function in net/netfilter/nf_flow_table_ip.c and the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

336) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

337) Buffer overflow

EUVDB-ID: #VU95055

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

338) NULL pointer dereference

EUVDB-ID: #VU96131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43818

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the st_es8336_late_probe() function in sound/soc/amd/acp-es8336.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

339) Out-of-bounds read

EUVDB-ID: #VU94956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41071

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

340) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

341) Input validation error

EUVDB-ID: #VU95103

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42080

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rdma_restrack_init() and type2str() functions in drivers/infiniband/core/restrack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

342) Input validation error

EUVDB-ID: #VU97840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46825

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in drivers/net/wireless/intel/iwlwifi/mvm/mvm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

343) Use-after-free

EUVDB-ID: #VU97254

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46687

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

344) Improper locking

EUVDB-ID: #VU96863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tracefs_alloc_inode(), tracefs_free_inode() and tracefs_drop_inode() functions in fs/tracefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

345) Improper locking

EUVDB-ID: #VU96148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43835

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

346) Use-after-free

EUVDB-ID: #VU96514

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43891

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the trigger_start(), event_trigger_regex_open() and event_trigger_regex_write() functions in kernel/trace/trace_events_trigger.c, the event_inject_write() function in kernel/trace/trace_events_inject.c, the hist_show() and hist_debug_show() functions in kernel/trace/trace_events_hist.c, and the event_enable_read(), event_enable_write(), f_next(), f_show(), event_filter_read(), event_filter_write() and event_callback() functions in kernel/trace/trace_events.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

347) Race condition

EUVDB-ID: #VU97824

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46851

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dcn10_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

348) Improper error handling

EUVDB-ID: #VU95512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42248

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ma35d1serial_probe() function in drivers/tty/serial/ma35d1_serial.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

349) Improper error handling

EUVDB-ID: #VU95016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42103

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the btrfs_reclaim_bgs_work() function in fs/btrfs/block-group.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

350) NULL pointer dereference

EUVDB-ID: #VU94968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42079

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

351) Incorrect calculation

EUVDB-ID: #VU95076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42068

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

352) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

353) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

354) Input validation error

EUVDB-ID: #VU96865

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44973

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __kmem_cache_free_bulk() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

355) Resource management error

EUVDB-ID: #VU95068

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42077

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

356) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

357) NULL pointer dereference

EUVDB-ID: #VU96537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43886

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

358) NULL pointer dereference

EUVDB-ID: #VU94971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

359) Resource management error

EUVDB-ID: #VU96185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43850

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bwmon_start() and bwmon_probe() functions in drivers/soc/qcom/icc-bwmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

360) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

361) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

362) Improper neutralization of directives in statically saved code ('static code injection')

EUVDB-ID: #VU95052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42084

CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

In the Linux kernel, the following vulnerability has been resolved:

ftruncate: pass a signed offset

The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB.

Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL.

The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

363) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

364) Input validation error

EUVDB-ID: #VU98378

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47662

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_dcn35_get_current_time() and dmub_dcn35_get_diagnostic_data() functions in drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

365) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

366) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

367) Improper error handling

EUVDB-ID: #VU95020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41034

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

368) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

369) Input validation error

EUVDB-ID: #VU95094

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dfx_regs_uninit(), qm_diff_regs_init() and qm_last_regs_init() functions in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

370) Improper locking

EUVDB-ID: #VU96147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43855

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

371) Buffer overflow

EUVDB-ID: #VU95079

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

372) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

373) NULL pointer dereference

EUVDB-ID: #VU96847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44989

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

374) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

375) Resource management error

EUVDB-ID: #VU95050

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42110

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

376) Input validation error

EUVDB-ID: #VU95092

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42155

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

377) Improper error handling

EUVDB-ID: #VU96867

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45005

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within arch/s390/kvm/kvm-s390.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

378) Use-after-free

EUVDB-ID: #VU97169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

379) Improper locking

EUVDB-ID: #VU94984

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iso_sock_recvmsg() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

380) NULL pointer dereference

EUVDB-ID: #VU96129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43821

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_xcvr_data_show() function in drivers/scsi/lpfc/lpfc_attr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

381) Input validation error

EUVDB-ID: #VU96193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

382) Resource management error

EUVDB-ID: #VU96875

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44950

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

383) Improper error handling

EUVDB-ID: #VU96167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42279

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the REG_CONTROL2() and mchp_corespi_transfer_one() functions in drivers/spi/spi-microchip-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

384) Resource management error

EUVDB-ID: #VU96598

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44943

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hugetlb_follow_page_mask() function in mm/hugetlb.c, within the follow_devmap_pmd(), follow_devmap_pud() and follow_trans_huge_pmd() functions in mm/huge_memory.c, within the try_grab_folio(), gup_put_folio(), follow_page_pte(), get_gate_page(), undo_dev_pagemap(), gup_pte_range(), __gup_device_huge(), gup_hugepte(), gup_huge_pmd(), gup_huge_pud() and gup_huge_pgd() functions in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

385) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

386) Improper locking

EUVDB-ID: #VU96159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42268

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5_fw_reset_set_live_patch() and mlx5_fw_reset_complete_reload() functions in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

387) NULL pointer dereference

EUVDB-ID: #VU94964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

388) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

389) Resource management error

EUVDB-ID: #VU96879

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44996

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __vsock_recvmsg() function in net/vmw_vsock/vsock_bpf.c, within the __vsock_dgram_recvmsg(), vsock_connectible_recvmsg() and release_sock() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

390) Double free

EUVDB-ID: #VU95009

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42069

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the add_adev() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

391) NULL pointer dereference

EUVDB-ID: #VU97175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46672

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

392) Resource management error

EUVDB-ID: #VU96553

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

393) NULL pointer dereference

EUVDB-ID: #VU96145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iptable_nat_init() function in net/ipv4/netfilter/iptable_nat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

394) NULL pointer dereference

EUVDB-ID: #VU97530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46735

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ublk_ctrl_start_recovery() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

395) Resource management error

EUVDB-ID: #VU96190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42319

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmdq_probe() function in drivers/mailbox/mtk-cmdq-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

396) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

397) Input validation error

EUVDB-ID: #VU97836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46861

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipheth_rcvbulk_callback() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

398) NULL pointer dereference

EUVDB-ID: #VU96144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42277

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sprd_iommu_cleanup() function in drivers/iommu/sprd-iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

399) NULL pointer dereference

EUVDB-ID: #VU94980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41054

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ufshcd_mcq_sq_cleanup() functions in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

400) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

401) Input validation error

EUVDB-ID: #VU95107

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

402) Memory leak

EUVDB-ID: #VU96830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44963

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_delete_free_space_tree() function in fs/btrfs/free-space-tree.c, within the btrfs_free_tree_block(), clear_bit() and walk_up_proc() functions in fs/btrfs/extent-tree.c, within the btrfs_force_cow_block(), balance_level(), insert_new_root() and btrfs_del_leaf() functions in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

403) Input validation error

EUVDB-ID: #VU96204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42267

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

404) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

405) NULL pointer dereference

EUVDB-ID: #VU96133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42320

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dasd_copy_pair_store() function in drivers/s390/block/dasd_devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

406) Use-after-free

EUVDB-ID: #VU97492

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46740

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

407) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

408) NULL pointer dereference

EUVDB-ID: #VU96535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43895

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the is_dsc_need_re_compute() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

409) Memory leak

EUVDB-ID: #VU96288

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ath12k_dp_rx_h_defrag_reo_reinject() and spin_unlock_bh() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

410) Resource management error

EUVDB-ID: #VU96881

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_job_prepare_job() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

411) Out-of-bounds read

EUVDB-ID: #VU96518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43910

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the process_dynptr_func(), btf_check_func_arg_match() and check_kfunc_args() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

412) Input validation error

EUVDB-ID: #VU96298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpci_scan_bus() and epf_ntb_bind() functions in drivers/pci/endpoint/functions/pci-epf-vntb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

413) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

414) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

415) Improper locking

EUVDB-ID: #VU96152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42315

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the exfat_get_dentry_set() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

416) NULL pointer dereference

EUVDB-ID: #VU96538

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43884

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

417) Improper locking

EUVDB-ID: #VU97809

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46867

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the show_meminfo() function in drivers/gpu/drm/xe/xe_drm_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

418) Input validation error

EUVDB-ID: #VU96548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nl80211_set_channel() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

419) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

420) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

421) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

422) Buffer overflow

EUVDB-ID: #VU96302

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43877

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ivtvfb_prep_dec_dma_to_device() function in drivers/media/pci/ivtv/ivtvfb.c, within the ivtv_yuv_prep_user_dma() function in drivers/media/pci/ivtv/ivtv-yuv.c, within the ivtv_udma_setup() function in drivers/media/pci/ivtv/ivtv-udma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

423) Use-after-free

EUVDB-ID: #VU93834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39486

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_file_update_pid() function in drivers/gpu/drm/drm_file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

424) Improper locking

EUVDB-ID: #VU94993

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41050

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_ondemand_send_req() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

425) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

426) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

427) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

428) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

429) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

430) Resource management error

EUVDB-ID: #VU95049

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42150

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the txgbe_open() function in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, the txgbe_irq_enable(), txgbe_request_irq() and txgbe_setup_misc_irq() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c, the wx_free_irq() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c, and the wx_sw_init() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

431) Out-of-bounds read

EUVDB-ID: #VU94954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41028

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/platform/x86/toshiba_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

432) Input validation error

EUVDB-ID: #VU95102

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_pat_dump() function in drivers/gpu/drm/xe/xe_pat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

433) NULL pointer dereference

EUVDB-ID: #VU96536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

434) Memory leak

EUVDB-ID: #VU96285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43869

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

435) Resource management error

EUVDB-ID: #VU95060

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42132

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hci_conn_hash_alloc_unset() and hci_conn_add_unset() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

436) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

437) Use of uninitialized resource

EUVDB-ID: #VU95024

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42106

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

438) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

439) Buffer overflow

EUVDB-ID: #VU95048

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41038

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the cs_dsp_coeff_parse_string(), cs_dsp_coeff_parse_int(), cs_dsp_coeff_parse_coeff() and cs_dsp_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

440) Incorrect calculation

EUVDB-ID: #VU97284

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46711

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the mptcp_pm_nl_add_addr_received() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

441) NULL pointer dereference

EUVDB-ID: #VU96123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43833

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v4l2_async_create_ancillary_links() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

442) Incorrect calculation

EUVDB-ID: #VU97283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46710

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

443) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

444) Use of uninitialized resource

EUVDB-ID: #VU96172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42311

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

445) Infinite loop

EUVDB-ID: #VU97277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46701

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the simple_offset_destroy(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

446) Use-after-free

EUVDB-ID: #VU97253

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46683

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_preempt_fence_arm() function in drivers/gpu/drm/xe/xe_preempt_fence.c and the xe_exec_queue_create_ioctl() function in drivers/gpu/drm/xe/xe_exec_queue.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

447) Improper locking

EUVDB-ID: #VU97180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45029

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

448) Improper locking

EUVDB-ID: #VU97804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46830

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

449) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

450) Use-after-free

EUVDB-ID: #VU96836

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pf_queue_work_func() and xe_gt_pagefault_init() functions in drivers/gpu/drm/xe/xe_gt_pagefault.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

451) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

452) Use-after-free

EUVDB-ID: #VU96837

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44985

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_xmit() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

453) Input validation error

EUVDB-ID: #VU97565

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

454) Buffer overflow

EUVDB-ID: #VU97183

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

455) Input validation error

EUVDB-ID: #VU97567

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46772

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

456) NULL pointer dereference

EUVDB-ID: #VU96854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

457) Improper error handling

EUVDB-ID: #VU95511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42243

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within include/linux/pagemap.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

458) Resource management error

EUVDB-ID: #VU95064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42158

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

459) NULL pointer dereference

EUVDB-ID: #VU96130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

460) Buffer overflow

EUVDB-ID: #VU97189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45030

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

461) NULL pointer dereference

EUVDB-ID: #VU94965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_suspend_common() and dwc3_resume_common() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

462) Improper locking

EUVDB-ID: #VU96158

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42274

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the update_pcm_pointers() and amdtp_domain_stream_pcm_pointer() functions in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

463) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

464) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

465) Input validation error

EUVDB-ID: #VU95100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

466) Input validation error

EUVDB-ID: #VU97270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46680

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ps_wakeup(), btnxpuart_close() and nxp_serdev_remove() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

467) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

468) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

469) Out-of-bounds read

EUVDB-ID: #VU97789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46834

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, within the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, and within the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

470) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

471) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

472) Use of uninitialized resource

EUVDB-ID: #VU95025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42113

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the wx_set_interrupt_capability() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

473) Buffer overflow

EUVDB-ID: #VU95040

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42094

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

474) Use of uninitialized resource

EUVDB-ID: #VU95028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42225

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, and within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

475) Use-after-free

EUVDB-ID: #VU94933

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42112

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the txgbe_open() and txgbe_remove() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, within the wx_free_irq() and ngbe_close() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c, and within the wx_setup_isb_resources() and wx_free_all_tx_resources() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

476) Improper locking

EUVDB-ID: #VU94983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42153

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

477) Resource management error

EUVDB-ID: #VU96305

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, and within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

478) NULL pointer dereference

EUVDB-ID: #VU96528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

479) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

480) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

481) Memory leak

EUVDB-ID: #VU95502

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

482) Improper locking

EUVDB-ID: #VU96151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42294

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the del_gendisk() function in block/genhd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

483) Out-of-bounds read

EUVDB-ID: #VU97507

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46793

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_cht_mc_probe() function in sound/soc/intel/boards/cht_bsw_rt5672.c, within the snd_cht_mc_probe() function in sound/soc/intel/boards/cht_bsw_rt5645.c, within the snd_byt_wm5102_mc_probe() function in sound/soc/intel/boards/bytcr_wm5102.c, within the snd_byt_rt5651_mc_probe() function in sound/soc/intel/boards/bytcr_rt5651.c, within the snd_byt_rt5640_mc_probe() function in sound/soc/intel/boards/bytcr_rt5640.c, within the snd_byt_cht_es8316_mc_probe() function in sound/soc/intel/boards/bytcht_es8316.c, within the bytcht_da7213_probe() function in sound/soc/intel/boards/bytcht_da7213.c, within the snd_byt_cht_cx2072x_probe() function in sound/soc/intel/boards/bytcht_cx2072x.c, and within the broxton_audio_probe() function in sound/soc/intel/boards/bxt_rt298.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

484) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

485) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

486) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

487) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

488) Off-by-one

EUVDB-ID: #VU97818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

489) Use-after-free

EUVDB-ID: #VU94942

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

490) Use-after-free

EUVDB-ID: #VU94943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

491) Improper Initialization

EUVDB-ID: #VU97825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46864

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c, and within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

492) Resource management error

EUVDB-ID: #VU97280

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46703

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the omap8250_suspend() and omap8250_resume() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

493) NULL pointer dereference

EUVDB-ID: #VU96124

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43829

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

494) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

495) NULL pointer dereference

EUVDB-ID: #VU94963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42101

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

496) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

497) Double free

EUVDB-ID: #VU96162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43830

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

498) Improper privilege management

EUVDB-ID: #VU95085

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41029

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the nvmem_populate_sysfs_cells() function in drivers/nvmem/core.c. A local user can read and manipulate data.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

499) NULL pointer dereference

EUVDB-ID: #VU96293

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, and within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

500) Division by zero

EUVDB-ID: #VU96545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43889

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

501) Resource management error

EUVDB-ID: #VU95062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42230

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, and within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

502) Improper locking

EUVDB-ID: #VU97267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46692

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

503) Input validation error

EUVDB-ID: #VU95096

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42133

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

504) Use-after-free

EUVDB-ID: #VU97168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

505) Use of uninitialized resource

EUVDB-ID: #VU95031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42076

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

506) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

507) Resource management error

EUVDB-ID: #VU95058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42128

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the an30259a_probe() function in drivers/leds/leds-an30259a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

508) Reachable assertion

EUVDB-ID: #VU97541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46718

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the xe_migrate_prepare_vm() function in drivers/gpu/drm/xe/xe_migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

509) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

510) Resource management error

EUVDB-ID: #VU96187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43841

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

511) Use of uninitialized resource

EUVDB-ID: #VU96300

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43873

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the vhost_vsock_dev_open() and vhost_vsock_set_features() functions in drivers/vhost/vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

512) Input validation error

EUVDB-ID: #VU95000

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

513) Improper locking

EUVDB-ID: #VU95087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41074

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

514) NULL pointer dereference

EUVDB-ID: #VU94974

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41083

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the netfs_page_mkwrite() function in fs/netfs/buffered_write.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

515) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

516) Input validation error

EUVDB-ID: #VU96198

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43842

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtw89_sta_info_get_iter() function in drivers/net/wireless/realtek/rtw89/debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

517) NULL pointer dereference

EUVDB-ID: #VU94976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41077

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

518) NULL pointer dereference

EUVDB-ID: #VU97533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

519) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

520) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

521) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

522) Input validation error

EUVDB-ID: #VU95083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the acl_ingress_ofld_setup(), esw_acl_ingress_src_port_drop_create(), esw_acl_ingress_ofld_groups_destroy() and esw_acl_ingress_ofld_setup() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

523) Input validation error

EUVDB-ID: #VU96207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42291

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ice_vc_fdir_reset_cnt_all(), ice_vc_add_fdir_fltr_post(), ice_vc_del_fdir_fltr_post() and ice_vc_add_fdir_fltr() functions in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c and within the ice_parse_rx_flow_user_data() function in drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

524) Resource management error

EUVDB-ID: #VU96186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43846

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

525) Use-after-free

EUVDB-ID: #VU94945

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_free_volume() function in fs/cachefiles/volume.c and within the cachefiles_withdraw_objects() and cachefiles_withdraw_cache() functions in fs/cachefiles/cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

526) Memory leak

EUVDB-ID: #VU96286

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_sched_out() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

527) Memory leak

EUVDB-ID: #VU96827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44980

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the xe_display_fini_noirq() and xe_display_init_noirq() functions in drivers/gpu/drm/xe/display/xe_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

528) Use-after-free

EUVDB-ID: #VU97784

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_drm_client_add_bo(), bo_meminfo() and show_meminfo() functions in drivers/gpu/drm/xe/xe_drm_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

529) NULL pointer dereference

EUVDB-ID: #VU96125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43827

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

530) Resource management error

EUVDB-ID: #VU96178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43840

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

531) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

532) Input validation error

EUVDB-ID: #VU96202

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42261

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v3d_get_cpu_timestamp_query_params(), v3d_get_cpu_reset_timestamp_params() and v3d_get_cpu_copy_query_results_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

533) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

534) Use-after-free

EUVDB-ID: #VU94932

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

535) NULL pointer dereference

EUVDB-ID: #VU97260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

536) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

537) NULL pointer dereference

EUVDB-ID: #VU97795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46808

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dpcd_extend_address_range() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

538) Improper error handling

EUVDB-ID: #VU95013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42149

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the fs_bdev_thaw() function in fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

539) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

540) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

541) Input validation error

EUVDB-ID: #VU96199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43847

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/net/wireless/ath/ath12k/hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

542) Input validation error

EUVDB-ID: #VU96890

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

543) Resource management error

EUVDB-ID: #VU97830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

544) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

545) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

546) Out-of-bounds read

EUVDB-ID: #VU97506

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ice_napi_add(), ice_reinit_interrupt_scheme(), ice_suspend() and ice_vsi_open() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_cfg_def(), ice_vsi_close() and ice_dis_vsi() functions in drivers/net/ethernet/intel/ice/ice_lib.c, and within the ice_free_q_vector() function in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

547) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

548) NULL pointer dereference

EUVDB-ID: #VU97524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46760

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

549) Out-of-bounds read

EUVDB-ID: #VU94955

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41061

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dml2_calculate_rq_and_dlg_params() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

550) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

551) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

552) Use-after-free

EUVDB-ID: #VU96110

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42314

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the add_ra_bio_pages() function in fs/btrfs/compression.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

553) Input validation error

EUVDB-ID: #VU95084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42064

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dml2_calculate_rq_and_dlg_params() and dml2_verify_det_buffer_configuration() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

554) Use-after-free

EUVDB-ID: #VU96108

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

555) Improper error handling

EUVDB-ID: #VU96543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43887

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tcp_ao_key_free_rcu() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

556) Improper locking

EUVDB-ID: #VU97805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the r4k_clockevent_init() function in arch/mips/kernel/cevt-r4k.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

557) NULL pointer dereference

EUVDB-ID: #VU97522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46765

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, and within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

558) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

559) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

560) Resource management error

EUVDB-ID: #VU95562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42253

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

561) Use-after-free

EUVDB-ID: #VU96549

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44941

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the do_read_inode() function in fs/f2fs/inode.c, and within the sanity_check_extent_cache() and f2fs_init_read_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

562) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, and within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

563) Resource management error

EUVDB-ID: #VU95071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41027

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the userfaultfd_api() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

564) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

565) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

566) Resource management error

EUVDB-ID: #VU95518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42247

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

567) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

568) NULL pointer dereference

EUVDB-ID: #VU96140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42287

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

569) Resource management error

EUVDB-ID: #VU95067

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41097

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

570) NULL pointer dereference

EUVDB-ID: #VU96551

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44939

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dtInsert() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

571) Improper locking

EUVDB-ID: #VU97178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45019

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

572) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

573) Input validation error

EUVDB-ID: #VU97289

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46705

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_mmio_tile_vram_size(), xe_mmio_probe_vram(), devm_add_action_or_reset() and mmio_fini() functions in drivers/gpu/drm/xe/xe_mmio.c, and within the xe_device_probe() function in drivers/gpu/drm/xe/xe_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

574) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

575) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

576) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

577) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

578) Input validation error

EUVDB-ID: #VU95003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41042

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

579) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

580) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

581) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

582) Improper locking

EUVDB-ID: #VU98366

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47666

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

583) Resource management error

EUVDB-ID: #VU97832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46843

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

584) Improper locking

EUVDB-ID: #VU95561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42252

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

585) Integer overflow

EUVDB-ID: #VU95034

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42102

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

586) Integer overflow

EUVDB-ID: #VU95036

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42136

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the cdrom_ioctl_timed_media_change() function in drivers/cdrom/cdrom.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

587) Use-after-free

EUVDB-ID: #VU94948

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41045

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_timer_delete_work(), __bpf_async_init() and __bpf_spin_unlock_irqrestore() functions in kernel/bpf/helpers.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

588) Input validation error

EUVDB-ID: #VU96201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42260

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

589) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

590) Input validation error

EUVDB-ID: #VU95097

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42124

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

591) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

592) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

593) Use of uninitialized resource

EUVDB-ID: #VU96170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43845

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the udf_rename() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

594) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, and within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

595) Memory leak

EUVDB-ID: #VU94930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41079

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, and within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

596) Input validation error

EUVDB-ID: #VU96306

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43868

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYM_CODE_END() function in arch/riscv/purgatory/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

597) Improper locking

EUVDB-ID: #VU94985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42140

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the machine_kexec_mask_interrupts() function in arch/riscv/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

598) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

599) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

600) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

601) NULL pointer dereference

EUVDB-ID: #VU97517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46788

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

602) Improper locking

EUVDB-ID: #VU95506

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the folio_migrate_mapping() function in mm/migrate.c and within the mem_cgroup_migrate() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

603) NULL pointer dereference

EUVDB-ID: #VU94958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42144

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lvts_probe() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

604) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

605) Input validation error

EUVDB-ID: #VU95001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

606) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

607) NULL pointer dereference

EUVDB-ID: #VU94979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41055

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

608) Improper locking

EUVDB-ID: #VU96860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44956

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the preempt_fence_work_func() function in drivers/gpu/drm/xe/xe_preempt_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-gkeop-6.8 (Ubuntu package): before 6.8.0-1002.4

linux-image-gkeop (Ubuntu package): before 6.8.0-1002.4

linux-image-6.8.0-1002-gkeop (Ubuntu package): before 6.8.0-1002.4

External links

https://ubuntu.com/security/notices/USN-7156-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


