Risk | Low |
Patch available | YES |
Number of vulnerabilities | 16 |
CVE-ID | CVE-2022-38096 CVE-2023-52821 CVE-2024-40910 CVE-2024-43892 CVE-2024-49967 CVE-2024-50264 CVE-2024-36952 CVE-2024-38553 CVE-2021-47101 CVE-2021-47001 CVE-2024-35965 CVE-2024-35963 CVE-2024-35966 CVE-2024-35967 CVE-2024-53057 CVE-2024-38597 |
CWE-ID | CWE-476 CWE-401 CWE-362 CWE-20 CWE-416 CWE-667 CWE-908 CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Ubuntu | Operating systems & Components / Operating system |
linux-image-virtual (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-raspi2 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-raspi (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-oem-osp1 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-oem (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-lowlatency (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-kvm (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-generic-lpae (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-generic (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-gcp-lts-20.04 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-204-lowlatency (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-204-generic-lpae (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-204-generic (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-1141-gcp (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-1125-kvm (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-5.4.0-1121-raspi (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-lowlatency-hwe-18.04 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-virtual-hwe-18.04 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-snapdragon-hwe-18.04 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-generic-hwe-18.04 (Ubuntu package) | Operating systems & Components / Operating system package or component |
linux-image-gcp (Ubuntu package) | Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
EUVDB-ID: #VU73764
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-38096
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90430
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52821
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40910
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96546
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43892
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99223
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49967
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100612
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50264
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91463
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38553
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47101
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47001
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rpcrdma_xprt_connect() and rpcrdma_post_sends() functions in net/sunrpc/xprtrdma/verbs.c, and within the rpcrdma_reply_handler() function in net/sunrpc/xprtrdma/rpc_rdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35965
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93795
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35963
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_sock_setsockopt_old() and hci_sock_setsockopt() functions in net/bluetooth/hci_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90306
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35966
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90303
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100707
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92361
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-virtual (Ubuntu package): before 5.4.0.204.200
linux-image-raspi2 (Ubuntu package): before 5.4.0.1121.151
linux-image-raspi (Ubuntu package): before 5.4.0.1121.151
linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro
linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before 5.4.0.204.200
linux-image-kvm (Ubuntu package): before 5.4.0.1125.121
linux-image-generic-lpae (Ubuntu package): before 5.4.0.204.200
linux-image-generic (Ubuntu package): before 5.4.0.204.200
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1141.143
linux-image-5.4.0-204-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-204-generic-lpae (Ubuntu package): before 5.4.0-204.224
linux-image-5.4.0-204-generic (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1141-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1125-kvm (Ubuntu package): before 5.4.0-1125.133
linux-image-5.4.0-1121-raspi (Ubuntu package): before 5.4.0-1121.133
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3
https://ubuntu.com/security/notices/USN-7173-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.