Ubuntu update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-48938 CVE-2024-42156 CVE-2024-36953 CVE-2024-38538 CVE-2021-47501 CVE-2024-42068 CVE-2024-26947 CVE-2024-46724 CVE-2024-36968 CVE-2023-52497 CVE-2024-35951 CVE-2023-52488 CVE-2024-44940 CVE-2022-48733 CVE-2023-52498 CVE-2022-48943 CVE-2024-35904 CVE-2024-42077 CVE-2024-36938 CVE-2023-52639 CVE-2024-42240 CVE-2024-44942 CVE-2021-47076 |
| CWE-ID | CWE-20 CWE-388 CWE-908 CWE-476 CWE-682 CWE-416 CWE-125 CWE-369 CWE-400 CWE-404 CWE-399 CWE-667 CWE-362 CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-xilinx-zynqmp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-osp1 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-202-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-202-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-202-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1140-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1124-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1120-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1083-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU96438
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cdc_ncm_rx_fixup() function in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU95091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use of uninitialized resource
EUVDB-ID: #VU92373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU90392
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47501
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_dbg_dump_desc() function in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Incorrect calculation
EUVDB-ID: #VU95076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42068
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU92213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Division by zero
EUVDB-ID: #VU92008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36968
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource exhaustion
EUVDB-ID: #VU93097
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper resource shutdown or release
EUVDB-ID: #VU93746
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35951
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU94144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU96553
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44940
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU92895
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU90800
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU96433
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shadow_page_table_clear_flood() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) NULL pointer dereference
EUVDB-ID: #VU93461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Race condition
EUVDB-ID: #VU91483
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52639
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU95516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42240
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU96552
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44942
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource exhaustion
EUVDB-ID: #VU92193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47076
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1055.55
linux-image-virtual (Ubuntu package): before 5.4.0.202.198
linux-image-raspi2 (Ubuntu package): before 5.4.0.1120.150
linux-image-raspi (Ubuntu package): before 5.4.0.1120.150
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.202.198
linux-image-kvm (Ubuntu package): before 5.4.0.1124.120
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1083.112
linux-image-generic-lpae (Ubuntu package): before 5.4.0.202.198
linux-image-generic (Ubuntu package): before 5.4.0.202.198
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1140.142
linux-image-5.4.0-202-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-202-generic-lpae (Ubuntu package): before 5.4.0-202.222
linux-image-5.4.0-202-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1124-kvm (Ubuntu package): before 5.4.0-1124.132
linux-image-5.4.0-1120-raspi (Ubuntu package): before 5.4.0-1120.132
linux-image-5.4.0-1083-ibm (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1055-xilinx-zynqmp (Ubuntu package): before 5.4.0-1055.59
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-ibm (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-202-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1124-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1120-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1083-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1055-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7159-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
