Ubuntu update for linux-oem-6.11



Risk: Low
Patch available: YES
Number of vulnerabilities: 29
CVE-ID: CVE-2024-49914, CVE-2024-49912, CVE-2024-49919, CVE-2024-49905, CVE-2024-49909, CVE-2024-47704, CVE-2024-49916, CVE-2024-49908, CVE-2024-49899, CVE-2024-49923, CVE-2024-49921, CVE-2024-50264, CVE-2024-49911, CVE-2024-49893, CVE-2024-53057, CVE-2024-49904, CVE-2024-49898, CVE-2024-49907, CVE-2024-49897, CVE-2024-49913, CVE-2024-49967, CVE-2024-49922, CVE-2024-49920, CVE-2024-49896, CVE-2024-49906, CVE-2024-49917, CVE-2024-49910, CVE-2024-49915, CVE-2024-49918
CWE-ID: CWE-476, CWE-20, CWE-416, CWE-388
Exploitation vector: Local
Public exploit: N/A

Vulnerable software:

Ubuntu (Operating systems & Components / Operating system)

linux-image-oem-24.04b (Ubuntu package) (Operating systems & Components / Operating system package or component)

linux-image-6.11.0-1010-oem (Ubuntu package) (Operating systems & Components / Operating system package or component)

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU98935

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU98928

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU98958

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU98986

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47704

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU98931

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49916

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn401_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98939

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the following functions:

- CalculateVMGroupAndRequestTimes() in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c
- get_bytes_per_element() in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c
- calculate_ttu_cursor() in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c

A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU98950

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49923

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU98926

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the following functions:

- dp_verify_link_cap_with_retries() in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c
- dcn35_init_hw() and dcn35_calc_blocks_to_gate() in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c
- dcn31_init_hw() in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c
- dcn10_init_hw() in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c
- dce110_edp_backlight_control() in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c
- hubp2_is_flip_pending() in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c
- hubp1_is_flip_pending() in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c
- dce11_pplib_apply_display_requirements() in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c

A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU99073

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49893

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the commit_planes_for_stream_fast() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU100707

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU98959

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the aca_banks_release(), aca_error_fini() and aca_manager_fini() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU98961

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the following functions:

- dcn32_is_center_timing() in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c
- dcn32_enable_phantom_plane() in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c
- bw_calcs_data_update_from_pplib() in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c
- reset_dio_stream_encoder() in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c
- dp_set_test_pattern() in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c
- dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c
- hwss_build_fast_sequence() in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c

A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU98940

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU98937

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49910

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn401_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU98932

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU98929

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.11 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1010.10

linux-image-6.11.0-1010-oem (Ubuntu package): before 6.11.0-1010.10

External links

http://ubuntu.com/security/notices/USN-7170-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


