Ubuntu update for linux-azure



Risk: Low
Patch available: YES
Number of vulnerabilities: 403
CWE-ID: CWE-416, CWE-667, CWE-119, CWE-401, CWE-399, CWE-190, CWE-617, CWE-388, CWE-476, CWE-20, CWE-125, CWE-682, CWE-362, CWE-191, CWE-835, CWE-415, CWE-908, CWE-843, CWE-369, CWE-665, CWE-193
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #108 is available. Public exploit code for vulnerability #387 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-azure-fde (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1020-azure-fde (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1020-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 403 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU96836

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pf_queue_work_func() and xe_gt_pagefault_init() functions in drivers/gpu/drm/xe/xe_gt_pagefault.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU98369

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47658

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU96876

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44970

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU96511

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43913

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the devm_apple_nvme_mempool_destroy() and apple_nvme_probe() functions in drivers/nvme/host/apple.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU97559

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46730

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the acquire_otg_master_pipe_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Reachable assertion

EUVDB-ID: #VU97812

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46811

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, and within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Reachable assertion

EUVDB-ID: #VU96161

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42317

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the __thp_vma_allowable_orders() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU96167

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42279

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the REG_CONTROL2() and mchp_corespi_transfer_one() functions in drivers/spi/spi-microchip-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU96851

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU96150

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43826

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs_wb_folio_cancel() and nfs_wb_folio() functions in fs/nfs/write.c, within the nfs_read_folio() function in fs/nfs/read.c, and within the nfs_invalidate_folio() and nfs_launder_folio() functions in fs/nfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU96890

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU97523

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46763

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU97828

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46806

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU97569

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU96112

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43843

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __arch_prepare_bpf_trampoline() and arch_prepare_bpf_trampoline() functions in arch/riscv/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU96138

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qmc_audio_dai_parse() function in sound/soc/fsl/fsl_qmc_audio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU96149

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_folio_secure() and folio_wait_writeback() functions in arch/s390/kernel/uv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU96183

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42321

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __skb_flow_dissect() function in net/core/flow_dissector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU96198

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43842

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtw89_sta_info_get_iter() function in drivers/net/wireless/realtek/rtw89/debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU97567

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46772

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU97177

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45017

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipsec_fs_roce_tx_mpv_create() and ipsec_fs_roce_rx_mpv_create() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU96513

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43888

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_lru_from_memcg_idx() and EXPORT_SYMBOL_GPL() functions in mm/list_lru.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU98979

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47683

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the is_dsc_need_re_compute() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU96532

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43899

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU97170

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45020

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU96844

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ta_if_load_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU97488

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46792

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the handle_misaligned_load() and handle_misaligned_store() functions in arch/riscv/kernel/traps_misaligned.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU97280

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46703

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the omap8250_suspend() and omap8250_resume() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU96187

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43841

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU96854

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper error handling

EUVDB-ID: #VU97815

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46846

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU96148

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43835

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU96537

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43886

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Resource management error

EUVDB-ID: #VU97832

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46843

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Resource management error

EUVDB-ID: #VU97281

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46706

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the lpuart_probe() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Race condition

EUVDB-ID: #VU97824

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46851

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dcn10_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU97172

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45027

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xhci_mem_cleanup() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper error handling

EUVDB-ID: #VU96543

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43887

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tcp_ao_key_free_rcu() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU96143

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42278

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tasdev_load_calibrated_data() function in sound/soc/codecs/tas2781-fmwlib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Infinite loop

EUVDB-ID: #VU97277

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46701

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the simple_offset_destroy(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Input validation error

EUVDB-ID: #VU97288

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46708

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the PINGROUP() function in drivers/pinctrl/qcom/pinctrl-x1e80100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU97830

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU96302

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43877

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ivtvfb_prep_dec_dma_to_device() function in drivers/media/pci/ivtv/ivtvfb.c, within the ivtv_yuv_prep_user_dma() function in drivers/media/pci/ivtv/ivtv-yuv.c, within the ivtv_udma_setup() function in drivers/media/pci/ivtv/ivtv-udma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU96879

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44996

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __vsock_recvmsg() function in net/vmw_vsock/vsock_bpf.c, within the __vsock_dgram_recvmsg(), vsock_connectible_recvmsg() and release_sock() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Double free

EUVDB-ID: #VU97542

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46741

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fastrpc_req_mmap() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU96131

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43818

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the st_es8336_late_probe() function in sound/soc/amd/acp-es8336.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Input validation error

EUVDB-ID: #VU98378

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47662

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_dcn35_get_current_time() and dmub_dcn35_get_diagnostic_data() functions in drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Out-of-bounds read

EUVDB-ID: #VU97507

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46793

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_cht_mc_probe() function in sound/soc/intel/boards/cht_bsw_rt5672.c, within the snd_cht_mc_probe() function in sound/soc/intel/boards/cht_bsw_rt5645.c, within the snd_byt_wm5102_mc_probe() function in sound/soc/intel/boards/bytcr_wm5102.c, within the snd_byt_rt5651_mc_probe() function in sound/soc/intel/boards/bytcr_rt5651.c, within the snd_byt_rt5640_mc_probe() function in sound/soc/intel/boards/bytcr_rt5640.c, within the snd_byt_cht_es8316_mc_probe() function in sound/soc/intel/boards/bytcht_es8316.c, within the bytcht_da7213_probe() function in sound/soc/intel/boards/bytcht_da7213.c, within the snd_byt_cht_cx2072x_probe() function in sound/soc/intel/boards/bytcht_cx2072x.c, within the broxton_audio_probe() function in sound/soc/intel/boards/bxt_rt298.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU97496

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46782

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU96126

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43824

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Incorrect calculation

EUVDB-ID: #VU97562

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46767

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU98366

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47666

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Memory leak

EUVDB-ID: #VU96101

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42263

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_timestamp_query_params(), v3d_get_cpu_reset_timestamp_params() and v3d_get_cpu_copy_query_results_params() functions in drivers/gpu/drm/v3d/v3d_submit.c and within the v3d_sched_job_free() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU97799

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46824

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iommufd_hwpt_nested_alloc() function in drivers/iommu/iommufd/hw_pagetable.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU97171

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45015

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_encoder_virt_atomic_mode_set() and dpu_encoder_virt_atomic_enable() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU96850

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Input validation error

EUVDB-ID: #VU96552

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44942

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c and within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use of uninitialized resource

EUVDB-ID: #VU96170

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43845

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the udf_rename() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Out-of-bounds read

EUVDB-ID: #VU96845

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44988

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU96536

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU97792

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46803

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the debug_event_write_work_handler() and kfd_dbg_trap_disable() functions in drivers/gpu/drm/amd/amdkfd/kfd_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

109) Use-after-free

EUVDB-ID: #VU97497

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU97260

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU97810

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46868

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qcuefi_set_reference() function in drivers/firmware/qcom/qcom_qseecom_uefisecapp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) NULL pointer dereference

EUVDB-ID: #VU96120

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the is_end_zone_blkaddr() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU96524

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu7_update_edc_leakage_table() and smu7_hwmgr_backend_init() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) NULL pointer dereference

EUVDB-ID: #VU96132

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52889

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Type Confusion

EUVDB-ID: #VU96639

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44944

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the ctnetlink_del_expect() function in net/netfilter/nf_conntrack_netlink.c. A local user can trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU96865

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44973

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __kmem_cache_free_bulk() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU96528

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Out-of-bounds read

EUVDB-ID: #VU96550

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44938

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU96289

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43864

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlx5_tc_ct_entry_destroy_mod_hdr() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Race condition

EUVDB-ID: #VU97823

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46850

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dcn35_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Integer underflow

EUVDB-ID: #VU96301

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43867

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU96130

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) NULL pointer dereference

EUVDB-ID: #VU97261

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46691

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_notify(), pmic_glink_ucsi_callback() and pmic_glink_ucsi_probe() functions in drivers/usb/typec/ucsi/ucsi_glink.c, and within the EXPORT_SYMBOL_GPL() function in drivers/soc/qcom/pmic_glink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU97809

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46867

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the show_meminfo() function in drivers/gpu/drm/xe/xe_drm_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU97572

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Memory leak

EUVDB-ID: #VU96288

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ath12k_dp_rx_h_defrag_reo_reinject() and spin_unlock_bh() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) NULL pointer dereference

EUVDB-ID: #VU97517

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46788

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Input validation error

EUVDB-ID: #VU96548

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nl80211_set_channel() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper error handling

EUVDB-ID: #VU97549

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46727

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Input validation error

EUVDB-ID: #VU97270

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46680

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ps_wakeup(), btnxpuart_close() and nxp_serdev_remove() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Use-after-free

EUVDB-ID: #VU96837

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44985

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_xmit() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU96144

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42277

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sprd_iommu_cleanup() function in drivers/iommu/sprd-iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Input validation error

EUVDB-ID: #VU96207

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42291

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ice_vc_fdir_reset_cnt_all(), ice_vc_add_fdir_fltr_post(), ice_vc_del_fdir_fltr_post() and ice_vc_add_fdir_fltr() functions in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c, and within the ice_parse_rx_flow_user_data() function in drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) NULL pointer dereference

EUVDB-ID: #VU96521

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44937

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the notify_handler() and intel_vbtn_probe() functions in drivers/platform/x86/intel/vbtn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Improper locking

EUVDB-ID: #VU96858

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44953

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_update_rtc() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Reachable assertion

EUVDB-ID: #VU97541

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46718

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the xe_migrate_prepare_vm() function in drivers/gpu/drm/xe/xe_migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Input validation error

EUVDB-ID: #VU96205

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42276

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Use-after-free

EUVDB-ID: #VU97784

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_drm_client_add_bo(), bo_meminfo() and show_meminfo() functions in drivers/gpu/drm/xe/xe_drm_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Input validation error

EUVDB-ID: #VU95923

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42258

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __thp_get_unmapped_area() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Improper error handling

EUVDB-ID: #VU96168

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42273

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __get_segment_type_6() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Input validation error

EUVDB-ID: #VU97571

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) NULL pointer dereference

EUVDB-ID: #VU97515

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Memory leak

EUVDB-ID: #VU96833

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44972

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the extent_write_locked_range() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Resource management error

EUVDB-ID: #VU97192

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Out-of-bounds read

EUVDB-ID: #VU96111

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43825

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iio_gts_build_avail_time_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, and within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) NULL pointer dereference

EUVDB-ID: #VU97795

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46808

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpcd_extend_address_range() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Use-after-free

EUVDB-ID: #VU97778

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46831

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Resource management error

EUVDB-ID: #VU96190

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42319

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmdq_probe() function in drivers/mailbox/mtk-cmdq-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference in arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper error handling

EUVDB-ID: #VU97273

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46694

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_plane_helper_prepare_fb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) NULL pointer dereference

EUVDB-ID: #VU96133

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42320

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dasd_copy_pair_store() function in drivers/s390/block/dasd_devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Input validation error

EUVDB-ID: #VU97840

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46825

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in drivers/net/wireless/intel/iwlwifi/mvm/mvm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) NULL pointer dereference

EUVDB-ID: #VU96129

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43821

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_xcvr_data_show() function in drivers/scsi/lpfc/lpfc_attr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) NULL pointer dereference

EUVDB-ID: #VU97526

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btnxpuart_close() and btnxpuart_flush() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) NULL pointer dereference

EUVDB-ID: #VU96535

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43895

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the is_dsc_need_re_compute() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Resource management error

EUVDB-ID: #VU96875

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44950

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) NULL pointer dereference

EUVDB-ID: #VU96125

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43827

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Resource management error

EUVDB-ID: #VU96303

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43876

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rcar_pcie_wakeup() function in drivers/pci/controller/pcie-rcar-host.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) NULL pointer dereference

EUVDB-ID: #VU96847

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44989

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Out-of-bounds read

EUVDB-ID: #VU97506

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ice_napi_add(), ice_reinit_interrupt_scheme(), ice_suspend() and ice_vsi_open() functions in drivers/net/ethernet/intel/ice/ice_main.c, the ice_vsi_cfg_def(), ice_vsi_close() and ice_dis_vsi() functions in drivers/net/ethernet/intel/ice/ice_lib.c, and the ice_free_q_vector() function in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Buffer overflow

EUVDB-ID: #VU97558

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Memory leak

EUVDB-ID: #VU96830

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44963

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c, the create_subvol() function in fs/btrfs/ioctl.c, the btrfs_delete_free_space_tree() function in fs/btrfs/free-space-tree.c, the btrfs_free_tree_block(), clear_bit() and walk_up_proc() functions in fs/btrfs/extent-tree.c, and the btrfs_force_cow_block(), balance_level(), insert_new_root() and btrfs_del_leaf() functions in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Use-after-free

EUVDB-ID: #VU96517

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) NULL pointer dereference

EUVDB-ID: #VU96124

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43829

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Improper locking

EUVDB-ID: #VU96159

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42268

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5_fw_reset_set_live_patch() and mlx5_fw_reset_complete_reload() functions in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Resource management error

EUVDB-ID: #VU96185

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43850

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bwmon_start() and bwmon_probe() functions in drivers/soc/qcom/icc-bwmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Memory leak

EUVDB-ID: #VU96099

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) NULL pointer dereference

EUVDB-ID: #VU96119

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43859

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the f2fs_set_inode_flags() function in fs/f2fs/inode.c and the f2fs_file_mmap() and f2fs_file_open() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Improper error handling

EUVDB-ID: #VU96868

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44962

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ps_cancel_timer() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Memory leak

EUVDB-ID: #VU96102

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42264

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Input validation error

EUVDB-ID: #VU96201

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42260

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) NULL pointer dereference

EUVDB-ID: #VU97519

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46778

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the CalculateSwathAndDETConfiguration() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Buffer overflow

EUVDB-ID: #VU97563

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46774

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Use-after-free

EUVDB-ID: #VU97168

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) NULL pointer dereference

EUVDB-ID: #VU96121

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43837

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/linux/bpf_verifier.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Use-after-free

EUVDB-ID: #VU97253

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46683

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_preempt_fence_arm() function in drivers/gpu/drm/xe/xe_preempt_fence.c and within the xe_exec_queue_create_ioctl() function in drivers/gpu/drm/xe/xe_exec_queue.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Buffer overflow

EUVDB-ID: #VU97557

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Input validation error

EUVDB-ID: #VU96196

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Buffer overflow

EUVDB-ID: #VU97819

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46823

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DEFINE_TEST_ALLOC() and overflow_allocation_test() functions in lib/overflow_kunit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Use-after-free

EUVDB-ID: #VU96108

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) NULL pointer dereference

EUVDB-ID: #VU96123

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43833

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v4l2_async_create_ancillary_links() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Resource management error

EUVDB-ID: #VU96553

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Input validation error

EUVDB-ID: #VU97811

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46827

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Input validation error

EUVDB-ID: #VU97837

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46836

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ast_udc_getstatus() function in drivers/usb/gadget/udc/aspeed_udc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, and within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Improper locking

EUVDB-ID: #VU97267

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46692

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Improper Initialization

EUVDB-ID: #VU97825

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46864

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c and within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Input validation error

EUVDB-ID: #VU96193

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Improper locking

EUVDB-ID: #VU97806

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46838

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Out-of-bounds read

EUVDB-ID: #VU96846

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44993

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the v3d_csd_job_run() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Buffer overflow

EUVDB-ID: #VU96871

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DATA_START_OFFSET_WORDS() and load_flat_binary() functions in fs/binfmt_flat.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Resource management error

EUVDB-ID: #VU96881

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_job_prepare_job() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Integer underflow

EUVDB-ID: #VU96174

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42316

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the folio_rotate_reclaimable() function in mm/vmscan.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c and within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Improper locking

EUVDB-ID: #VU97538

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46762

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), irqfd_shutdown() and privcmd_irqfd_assign() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Improper error handling

EUVDB-ID: #VU97181

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45012

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nvkm_falcon_fw_boot() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c and within the nvkm_firmware_dtor() and nvkm_firmware_ctor() functions in drivers/gpu/drm/nouveau/nvkm/core/firmware.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Improper error handling

EUVDB-ID: #VU97547

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) NULL pointer dereference

EUVDB-ID: #VU96525

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Improper locking

EUVDB-ID: #VU97805

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the r4k_clockevent_init() function in arch/mips/kernel/cevt-r4k.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Use-after-free

EUVDB-ID: #VU97492

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46740

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) Use of uninitialized resource

EUVDB-ID: #VU96300

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43873

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the vhost_vsock_dev_open() and vhost_vsock_set_features() functions in drivers/vhost/vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) Memory leak

EUVDB-ID: #VU98855

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49984

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Use of uninitialized resource

EUVDB-ID: #VU96869

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44983

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_skb_encap_protocol() function in net/netfilter/nf_flow_table_ip.c and within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) NULL pointer dereference

EUVDB-ID: #VU97530

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46735

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ublk_ctrl_start_recovery() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) NULL pointer dereference

EUVDB-ID: #VU96127

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43823

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) Memory leak

EUVDB-ID: #VU97486

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46779

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the to_pvr_vm_gpuva(), pvr_vm_gpuva_unmap() and pvr_vm_gpuva_remap() functions in drivers/gpu/drm/imagination/pvr_vm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42310

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) Memory leak

EUVDB-ID: #VU96827

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44980

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xe_display_fini_noirq() and xe_display_init_noirq() functions in drivers/gpu/drm/xe/display/xe_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Resource management error

EUVDB-ID: #VU98374

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46870

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) NULL pointer dereference

EUVDB-ID: #VU96137

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_cifs(), destroy_mids() and destroy_workqueue() functions in fs/smb/client/cifsfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) Improper error handling

EUVDB-ID: #VU97545

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46768

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the hp_wmi_notify() function in drivers/hwmon/hp-wmi-sensors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) Resource management error

EUVDB-ID: #VU96873

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44984

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Input validation error

EUVDB-ID: #VU96888

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Incorrect calculation

EUVDB-ID: #VU97283

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46710

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Use-after-free

EUVDB-ID: #VU96835

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44978

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_sched_job_destroy() function in drivers/gpu/drm/xe/xe_sched_job.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) Use-after-free

EUVDB-ID: #VU97780

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46845

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Use of uninitialized resource

EUVDB-ID: #VU96172

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42311

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) NULL pointer dereference

EUVDB-ID: #VU96538

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43884

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) NULL pointer dereference

EUVDB-ID: #VU96551

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44939

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dtInsert() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Use-after-free

EUVDB-ID: #VU96110

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42314

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the add_ra_bio_pages() function in fs/btrfs/compression.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Input validation error

EUVDB-ID: #VU96210

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42318

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) NULL pointer dereference

EUVDB-ID: #VU97262

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46693

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pmic_glink_ucsi_probe() function in drivers/usb/typec/ucsi/ucsi_glink.c, the pmic_glink_altmode_probe() function in drivers/soc/qcom/pmic_glink_altmode.c, the _devm_pmic_glink_release_client() and devm_pmic_glink_register_client() functions in drivers/soc/qcom/pmic_glink.c, and the qcom_battmgr_probe() function in drivers/power/supply/qcom_battmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Memory leak

EUVDB-ID: #VU97489

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Incorrect calculation

EUVDB-ID: #VU97833

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c and the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) NULL pointer dereference

EUVDB-ID: #VU97533

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) NULL pointer dereference

EUVDB-ID: #VU97802

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7921_ipv6_addr_change() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) Resource management error

EUVDB-ID: #VU97831

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) NULL pointer dereference

EUVDB-ID: #VU97531

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, and the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Input validation error

EUVDB-ID: #VU97565

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) Buffer overflow

EUVDB-ID: #VU97189

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45030

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) Use of uninitialized resource

EUVDB-ID: #VU97274

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46697

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfsd4_encode_fattr4() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) Input validation error

EUVDB-ID: #VU97289

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46705

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_mmio_tile_vram_size(), xe_mmio_probe_vram(), devm_add_action_or_reset() and mmio_fini() functions in drivers/gpu/drm/xe/xe_mmio.c and the xe_device_probe() function in drivers/gpu/drm/xe/xe_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) Out-of-bounds read

EUVDB-ID: #VU97789

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46834

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, within the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, and within the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Use-after-free

EUVDB-ID: #VU100707

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Input validation error

EUVDB-ID: #VU96208

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42303

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pxp_probe() function in drivers/media/platform/nxp/imx-pxp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Improper locking

EUVDB-ID: #VU97266

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) NULL pointer dereference

EUVDB-ID: #VU96523

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Resource management error

EUVDB-ID: #VU96305

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, and within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) Out-of-bounds read

EUVDB-ID: #VU96518

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43910

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the process_dynptr_func(), btf_check_func_arg_match() and check_kfunc_args() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Resource management error

EUVDB-ID: #VU96872

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44975

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the update_parent_effective_cpumask() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Improper locking

EUVDB-ID: #VU96863

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tracefs_alloc_inode(), tracefs_free_inode() and tracefs_drop_inode() functions in fs/tracefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Resource management error

EUVDB-ID: #VU96186

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43846

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) Improper locking

EUVDB-ID: #VU96158

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42274

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the update_pcm_pointers() and amdtp_domain_stream_pcm_pointer() functions in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) NULL pointer dereference

EUVDB-ID: #VU97175

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46672

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) Off-by-one

EUVDB-ID: #VU96173

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the ltc2991_is_visible() function in drivers/hwmon/ltc2991.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Buffer overflow

EUVDB-ID: #VU97285

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46709

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_stdu_bo_cpu_commit() and vmw_stdu_bo_populate_update_cpu() functions in drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c, and within the vmw_bo_cpu_blit_line() and vmw_bo_cpu_blit() functions in drivers/gpu/drm/vmwgfx/vmwgfx_blit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

318) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, and within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

319) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

320) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

321) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

322) Double free

EUVDB-ID: #VU96162

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43830

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

323) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

324) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

325) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

326) Resource management error

EUVDB-ID: #VU96188

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the raid_resume() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

327) Use-after-free

EUVDB-ID: #VU96840

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

328) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

329) NULL pointer dereference

EUVDB-ID: #VU97518

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46785

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the eventfs_remove_rec() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

330) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

331) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

332) Memory leak

EUVDB-ID: #VU96286

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_sched_out() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

333) NULL pointer dereference

EUVDB-ID: #VU97263

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46698

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the aperture_remove_conflicting_devices(), EXPORT_SYMBOL() and aperture_remove_conflicting_pci_devices() functions in drivers/video/aperture.c, within the of_platform_default_populate_init() function in drivers/of/platform.c, and within the DEFINE_MUTEX(), sysfb_unregister() and sysfb_pci_dev_is_enabled() functions in drivers/firmware/sysfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

334) Use-after-free

EUVDB-ID: #VU96515

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

335) Improper locking

EUVDB-ID: #VU96860

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44956

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the preempt_fence_work_func() function in drivers/gpu/drm/xe/xe_preempt_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

336) Input validation error

EUVDB-ID: #VU96200

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43849

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

337) Use-after-free

EUVDB-ID: #VU97254

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46687

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

338) Improper locking

EUVDB-ID: #VU96154

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42296

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_convert_inline_inode() function in fs/f2fs/inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

339) Improper locking

EUVDB-ID: #VU97804

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46830

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

340) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

341) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

342) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

343) Off-by-one

EUVDB-ID: #VU97818

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

344) NULL pointer dereference

EUVDB-ID: #VU96527

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ta_if_invoke_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

345) Input validation error

EUVDB-ID: #VU96199

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43847

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in drivers/net/wireless/ath/ath12k/hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

346) Improper locking

EUVDB-ID: #VU96151

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42294

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the del_gendisk() function in block/genhd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

347) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

348) Improper locking

EUVDB-ID: #VU97180

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45029

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

349) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

350) Use of uninitialized resource

EUVDB-ID: #VU96171

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42272

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

351) Buffer overflow

EUVDB-ID: #VU97183

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

352) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

353) NULL pointer dereference

EUVDB-ID: #VU97522

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46765

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

354) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

355) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

356) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

357) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

358) Memory leak

EUVDB-ID: #VU96100

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42262

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v3d_get_cpu_reset_performance_params() and v3d_get_cpu_copy_performance_query_params() functions in drivers/gpu/drm/v3d/v3d_submit.c, within the v3d_timestamp_query_info_free() function in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

359) Division by zero

EUVDB-ID: #VU96545

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43889

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

360) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

361) NULL pointer dereference

EUVDB-ID: #VU96293

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

362) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

363) Out-of-bounds read

EUVDB-ID: #VU97790

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46847

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the new_vmap_block() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

364) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

365) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

366) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

367) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

368) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

369) Input validation error

EUVDB-ID: #VU96306

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43868

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYM_CODE_END() function in arch/riscv/purgatory/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

370) Improper error handling

EUVDB-ID: #VU96867

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45005

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within arch/s390/kvm/kvm-s390.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

371) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

372) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

373) Use-after-free

EUVDB-ID: #VU96103

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43834

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

374) Use-after-free

EUVDB-ID: #VU96514

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43891

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the trigger_start(), event_trigger_regex_open() and event_trigger_regex_write() functions in kernel/trace/trace_events_trigger.c, within the event_inject_write() function in kernel/trace/trace_events_inject.c, within the hist_show() and hist_debug_show() functions in kernel/trace/trace_events_hist.c, within the event_enable_read(), event_enable_write(), f_next(), f_show(), event_filter_read(), event_filter_write() and event_callback() functions in kernel/trace/trace_events.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

375) Input validation error

EUVDB-ID: #VU97836

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46861

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipheth_rcvbulk_callback() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

376) Input validation error

EUVDB-ID: #VU96202

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42261

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v3d_get_cpu_timestamp_query_params(), v3d_get_cpu_reset_timestamp_params() and v3d_get_cpu_copy_query_results_params() functions in drivers/gpu/drm/v3d/v3d_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

377) Input validation error

EUVDB-ID: #VU96298

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpci_scan_bus() and epf_ntb_bind() functions in drivers/pci/endpoint/functions/pci-epf-vntb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

378) Resource management error

EUVDB-ID: #VU96178

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43840

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

379) NULL pointer dereference

EUVDB-ID: #VU96140

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42287

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

380) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

381) Incorrect calculation

EUVDB-ID: #VU97284

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46711

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the !!() and mptcp_pm_nl_add_addr_received() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

382) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

383) Resource management error

EUVDB-ID: #VU96598

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44943

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hugetlb_follow_page_mask() function in mm/hugetlb.c, within the follow_devmap_pmd(), follow_devmap_pud() and follow_trans_huge_pmd() functions in mm/huge_memory.c, and within the try_grab_folio(), gup_put_folio(), follow_page_pte(), get_gate_page(), undo_dev_pagemap(), gup_pte_range(), __gup_device_huge(), gup_hugepte(), gup_huge_pmd(), gup_huge_pud() and gup_huge_pgd() functions in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

384) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

385) Memory leak

EUVDB-ID: #VU96285

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43869

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

386) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

387) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

388) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

389) Buffer overflow

EUVDB-ID: #VU98371

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47661

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c and within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

390) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

391) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

392) Input validation error

EUVDB-ID: #VU96204

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42267

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

393) Infinite loop

EUVDB-ID: #VU97556

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46729

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the dccg35_get_other_enabled_symclk_fe() function in drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

394) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

395) Improper error handling

EUVDB-ID: #VU96166

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42295

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c and within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

396) NULL pointer dereference

EUVDB-ID: #VU97524

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46760

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

397) Improper locking

EUVDB-ID: #VU96152

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42315

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the exfat_get_dentry_set() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

398) Improper locking

EUVDB-ID: #VU97178

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45019

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

399) Input validation error

EUVDB-ID: #VU96889

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

400) Use-after-free

EUVDB-ID: #VU96549

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44941

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the do_read_inode() function in fs/f2fs/inode.c and within the sanity_check_extent_cache() and f2fs_init_read_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

401) NULL pointer dereference

EUVDB-ID: #VU96146

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip6table_nat_init() function in net/ipv6/netfilter/ip6table_nat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

402) Improper locking

EUVDB-ID: #VU96862

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44957

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_MUTEX(), irqfd_wakeup(), irqfd_poll_func(), privcmd_irqfd_assign(), privcmd_irqfd_deassign() and privcmd_irqfd_init() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

403) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 24.04

linux-image-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure-fde (Ubuntu package): before 6.8.0-1020.23~22.04.1

linux-image-6.8.0-1020-azure (Ubuntu package): before 6.8.0-1020.23~22.04.1

External links

http://ubuntu.com/security/notices/USN-7196-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


