Ubuntu update for linux-hwe-5.15
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 167 |
| CVE-ID | CVE-2024-49944 CVE-2024-49907 CVE-2024-50062 CVE-2024-36893 CVE-2024-49985 CVE-2024-49903 CVE-2024-49886 CVE-2024-50180 CVE-2024-47757 CVE-2024-49938 CVE-2024-49902 CVE-2024-47709 CVE-2024-49884 CVE-2024-49967 CVE-2024-49977 CVE-2024-47734 CVE-2024-49954 CVE-2024-49963 CVE-2024-47747 CVE-2024-50008 CVE-2024-47696 CVE-2024-50038 CVE-2024-46695 CVE-2024-47705 CVE-2024-49957 CVE-2024-38538 CVE-2024-50019 CVE-2024-38544 CVE-2024-50003 CVE-2024-50095 CVE-2024-50000 CVE-2024-49981 CVE-2024-49863 CVE-2024-47710 CVE-2024-49983 CVE-2024-26947 CVE-2024-46852 CVE-2024-49871 CVE-2024-49936 CVE-2024-47720 CVE-2024-49881 CVE-2024-47672 CVE-2024-50040 CVE-2024-49997 CVE-2024-50044 CVE-2023-52532 CVE-2024-47740 CVE-2024-44942 CVE-2024-49948 CVE-2023-52621 CVE-2024-49959 CVE-2024-47718 CVE-2024-50188 CVE-2024-47699 CVE-2024-47756 CVE-2024-47723 CVE-2024-46849 CVE-2024-50035 CVE-2024-50189 CVE-2024-47684 CVE-2024-49900 CVE-2024-50024 CVE-2024-49851 CVE-2024-49860 CVE-2024-49924 CVE-2024-49946 CVE-2024-44940 CVE-2023-52904 CVE-2024-47679 CVE-2024-47748 CVE-2023-52917 CVE-2024-47735 CVE-2024-46858 CVE-2024-35904 CVE-2024-47673 CVE-2024-49878 CVE-2024-47739 CVE-2024-49973 CVE-2024-49935 CVE-2024-49875 CVE-2024-49896 CVE-2024-47690 CVE-2024-50007 CVE-2024-49933 CVE-2024-49958 CVE-2024-49913 CVE-2024-49883 CVE-2024-47742 CVE-2024-41016 CVE-2024-50002 CVE-2024-49969 CVE-2024-46853 CVE-2024-50031 CVE-2024-47698 CVE-2024-47749 CVE-2024-50059 CVE-2024-49966 CVE-2024-50093 CVE-2024-27072 CVE-2024-50186 CVE-2024-49895 CVE-2024-38632 CVE-2024-49995 CVE-2024-38545 CVE-2024-38667 CVE-2024-36968 CVE-2024-49952 CVE-2024-50001 CVE-2024-47697 CVE-2024-50045 CVE-2024-49856 CVE-2024-49852 CVE-2024-47712 CVE-2023-52639 CVE-2024-49975 CVE-2024-42158 CVE-2024-49962 CVE-2024-50181 CVE-2024-42156 CVE-2024-46855 CVE-2024-47693 CVE-2024-47670 CVE-2024-47706 CVE-2024-50184 CVE-2024-49965 CVE-2024-39463 CVE-2024-50191 CVE-2024-49866 CVE-2024-49890 CVE-2024-49877 CVE-2024-49879 CVE-2024-49927 CVE-2024-50039 CVE-2024-46859 CVE-2024-47674 CVE-2024-50096 CVE-2024-50013 CVE-2024-46854 CVE-2024-49868 CVE-2024-49882 CVE-2024-47671 CVE-2024-50179 CVE-2024-44931 CVE-2024-50046 CVE-2024-50006 CVE-2024-49892 CVE-2024-49949 CVE-2024-42079 CVE-2024-46865 CVE-2024-47692 CVE-2024-47713 CVE-2024-47701 CVE-2024-49889 CVE-2024-49894 CVE-2024-50015 CVE-2024-49858 CVE-2024-49955 CVE-2024-49867 CVE-2024-35951 CVE-2024-50033 CVE-2024-49982 CVE-2024-47695 CVE-2024-50049 CVE-2024-49930 CVE-2024-50041 CVE-2024-47737 CVE-2024-47685 |
| CWE-ID | CWE-476 CWE-20 CWE-667 CWE-416 CWE-125 CWE-119 CWE-399 CWE-908 CWE-193 CWE-401 CWE-388 CWE-617 CWE-835 CWE-362 CWE-682 CWE-369 CWE-404 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-127-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-127-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-127-generic (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 167 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU98953
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49944
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU98925
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU99039
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svdm_consume_identity(), tcpm_register_partner_altmodes(), tcpm_init_vconn(), tcpm_typec_connect(), tcpm_typec_disconnect() and tcpm_pwr_opmode_to_rp() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU99013
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49985
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU98869
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU98903
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU100137
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50180
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU98913
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU99041
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU98910
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU99177
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU98867
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU99223
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU99221
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU99174
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47734
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_xdp_get_xmit_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU99149
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49954
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU99150
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49963
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU98888
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU99167
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50008
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU98899
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47696
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU99159
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50038
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU97268
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU98987
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47705
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU98941
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use of uninitialized resource
EUVDB-ID: #VU92373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU99160
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50019
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU99218
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50003
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU99828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50095
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU98943
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50000
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU98878
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49981
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU98970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49863
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU99033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47710
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU98880
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49983
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU92213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Off-by-one
EUVDB-ID: #VU97818
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46852
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU98968
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49871
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU98873
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU98991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU98852
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49881
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU98368
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper error handling
EUVDB-ID: #VU99062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50040
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU99193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU98997
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper error handling
EUVDB-ID: #VU90959
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52532
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_poll_tx_cq() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU99228
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47740
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU96552
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44942
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Input validation error
EUVDB-ID: #VU99042
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Reachable assertion
EUVDB-ID: #VU90912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52621
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper locking
EUVDB-ID: #VU99017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU98894
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47718
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU100138
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50188
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU98985
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47699
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) NULL pointer dereference
EUVDB-ID: #VU98976
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU98915
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU97781
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use of uninitialized resource
EUVDB-ID: #VU99083
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50035
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Buffer overflow
EUVDB-ID: #VU100145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50189
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU98980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use of uninitialized resource
EUVDB-ID: #VU99084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Infinite loop
EUVDB-ID: #VU99121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Memory leak
EUVDB-ID: #VU98860
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49851
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Buffer overflow
EUVDB-ID: #VU99194
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU98870
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49924
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper locking
EUVDB-ID: #VU99018
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Resource management error
EUVDB-ID: #VU96553
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44940
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU96342
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the find_substream_format() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper locking
EUVDB-ID: #VU99031
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU98889
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU98973
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU99025
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Use-after-free
EUVDB-ID: #VU97783
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU93461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Resource management error
EUVDB-ID: #VU98375
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47673
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Resource management error
EUVDB-ID: #VU99169
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49878
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper locking
EUVDB-ID: #VU99021
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Buffer overflow
EUVDB-ID: #VU99156
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Race condition
EUVDB-ID: #VU99178
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49935
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper locking
EUVDB-ID: #VU99020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU98962
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper error handling
EUVDB-ID: #VU99080
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47690
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Out-of-bounds read
EUVDB-ID: #VU98902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Out-of-bounds read
EUVDB-ID: #VU98906
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49933
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Input validation error
EUVDB-ID: #VU99044
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49958
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU98934
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49913
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU98866
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Incorrect calculation
EUVDB-ID: #VU99188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47742
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU98942
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU98905
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use-after-free
EUVDB-ID: #VU97782
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Resource management error
EUVDB-ID: #VU99135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Out-of-bounds read
EUVDB-ID: #VU98919
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU98971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Race condition
EUVDB-ID: #VU99125
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50059
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper error handling
EUVDB-ID: #VU99070
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Resource management error
EUVDB-ID: #VU99842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50093
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper locking
EUVDB-ID: #VU90765
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27072
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) NULL pointer dereference
EUVDB-ID: #VU100122
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50186
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Out-of-bounds read
EUVDB-ID: #VU98911
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Buffer overflow
EUVDB-ID: #VU99192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU92306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Buffer overflow
EUVDB-ID: #VU93168
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Division by zero
EUVDB-ID: #VU92008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36968
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Buffer overflow
EUVDB-ID: #VU99151
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Buffer overflow
EUVDB-ID: #VU99157
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50001
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Out-of-bounds read
EUVDB-ID: #VU98920
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47697
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Input validation error
EUVDB-ID: #VU99038
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper locking
EUVDB-ID: #VU99029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49856
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Use-after-free
EUVDB-ID: #VU98891
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Use-after-free
EUVDB-ID: #VU98895
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47712
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Race condition
EUVDB-ID: #VU91483
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52639
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Memory leak
EUVDB-ID: #VU98854
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49975
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Resource management error
EUVDB-ID: #VU95064
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU98949
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Input validation error
EUVDB-ID: #VU100155
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50181
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imx7d_clocks_init() function in drivers/clk/imx/clk-imx7d.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Input validation error
EUVDB-ID: #VU95091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Memory leak
EUVDB-ID: #VU97777
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46855
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Resource management error
EUVDB-ID: #VU99176
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47693
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Out-of-bounds read
EUVDB-ID: #VU98365
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47670
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Use-after-free
EUVDB-ID: #VU98897
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Resource management error
EUVDB-ID: #VU100143
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Improper locking
EUVDB-ID: #VU99016
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU93322
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Improper locking
EUVDB-ID: #VU100127
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50191
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Resource management error
EUVDB-ID: #VU99146
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) NULL pointer dereference
EUVDB-ID: #VU98964
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49890
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) NULL pointer dereference
EUVDB-ID: #VU98966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) NULL pointer dereference
EUVDB-ID: #VU98965
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Resource management error
EUVDB-ID: #VU99148
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49927
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Resource management error
EUVDB-ID: #VU99133
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50039
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Out-of-bounds read
EUVDB-ID: #VU97791
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use-after-free
EUVDB-ID: #VU98598
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Buffer overflow
EUVDB-ID: #VU99843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50096
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Memory leak
EUVDB-ID: #VU98850
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50013
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Memory leak
EUVDB-ID: #VU97776
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU98969
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Improper error handling
EUVDB-ID: #VU99076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49882
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Memory leak
EUVDB-ID: #VU98377
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47671
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Input validation error
EUVDB-ID: #VU100154
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Memory leak
EUVDB-ID: #VU96512
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44931
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Improper locking
EUVDB-ID: #VU98996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50046
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Improper locking
EUVDB-ID: #VU99011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50006
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Input validation error
EUVDB-ID: #VU99224
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49892
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) NULL pointer dereference
EUVDB-ID: #VU98952
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49949
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) NULL pointer dereference
EUVDB-ID: #VU94968
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Use of uninitialized resource
EUVDB-ID: #VU97817
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46865
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) NULL pointer dereference
EUVDB-ID: #VU98983
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Improper locking
EUVDB-ID: #VU99032
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Use-after-free
EUVDB-ID: #VU98898
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47701
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Use-after-free
EUVDB-ID: #VU98868
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49889
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Out-of-bounds read
EUVDB-ID: #VU98912
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Buffer overflow
EUVDB-ID: #VU99099
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50015
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Buffer overflow
EUVDB-ID: #VU99152
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49858
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Resource management error
EUVDB-ID: #VU99172
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49955
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Use-after-free
EUVDB-ID: #VU98885
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Improper resource shutdown or release
EUVDB-ID: #VU93746
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35951
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Use of uninitialized resource
EUVDB-ID: #VU99082
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50033
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use-after-free
EUVDB-ID: #VU98879
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Out-of-bounds read
EUVDB-ID: #VU98921
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Input validation error
EUVDB-ID: #VU99203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Out-of-bounds read
EUVDB-ID: #VU98908
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49930
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Improper locking
EUVDB-ID: #VU98999
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Improper error handling
EUVDB-ID: #VU99078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Use of uninitialized resource
EUVDB-ID: #VU99087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.127.137~20.04.1
linux-image-5.15.0-127-generic-lpae (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic-64k (Ubuntu package): before 5.15.0-127.137~20.04.1
linux-image-5.15.0-127-generic (Ubuntu package): before 5.15.0-127.137~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-127-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7166-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
