Ubuntu update for linux-azure



Updated: 2025-03-12
Risk: High
Patch available: YES
Number of vulnerabilities: 103
CVE-ID:
CVE-2024-50196
CVE-2024-50199
CVE-2024-53055
CVE-2024-53101
CVE-2024-50160
CVE-2024-50257
CVE-2024-50148
CVE-2024-50182
CVE-2024-50162
CVE-2024-50249
CVE-2024-50127
CVE-2024-50115
CVE-2024-50192
CVE-2024-50218
CVE-2024-50086
CVE-2024-50262
CVE-2024-50201
CVE-2024-50082
CVE-2024-50110
CVE-2023-52913
CVE-2024-50290
CVE-2024-50269
CVE-2024-50208
CVE-2024-50103
CVE-2024-50194
CVE-2024-50237
CVE-2024-50245
CVE-2024-50128
CVE-2024-53052
CVE-2024-50117
CVE-2024-42252
CVE-2024-50233
CVE-2024-50058
CVE-2024-50229
CVE-2024-40965
CVE-2024-50265
CVE-2024-50143
CVE-2024-50205
CVE-2024-50131
CVE-2024-50236
CVE-2024-53066
CVE-2024-50268
CVE-2024-41066
CVE-2024-53088
CVE-2024-50209
CVE-2024-40953
CVE-2024-50168
CVE-2024-50010
CVE-2024-50195
CVE-2024-50171
CVE-2024-53058
CVE-2024-50267
CVE-2024-53061
CVE-2024-53042
CVE-2024-53104
CVE-2024-50247
CVE-2024-50101
CVE-2024-53063
CVE-2024-50167
CVE-2024-50273
CVE-2024-50163
CVE-2024-50085
CVE-2024-50154
CVE-2024-50301
CVE-2024-50259
CVE-2024-50292
CVE-2024-50185
CVE-2024-26718
CVE-2024-50116
CVE-2024-50302
CVE-2024-50083
CVE-2024-50299
CVE-2024-50036
CVE-2024-50251
CVE-2024-50202
CVE-2024-50099
CVE-2024-50279
CVE-2024-50232
CVE-2024-53059
CVE-2024-50153
CVE-2024-50156
CVE-2024-41080
CVE-2024-50193
CVE-2024-50287
CVE-2024-50141
CVE-2024-50296
CVE-2024-50230
CVE-2024-50074
CVE-2024-50234
CVE-2024-50142
CVE-2024-42291
CVE-2024-50151
CVE-2024-50295
CVE-2024-50150
CVE-2024-50282
CVE-2024-50278
CVE-2024-50198
CVE-2024-53097
CVE-2024-50244
CVE-2024-50134
CVE-2024-39497
CVE-2024-50072
CVE-2024-35887
CWE-ID:
CWE-835
CWE-416
CWE-908
CWE-476
CWE-399
CWE-119
CWE-667
CWE-125
CWE-20
CWE-401
CWE-191
CWE-404
CWE-369
CWE-388
CWE-787
CWE-617
CWE-682
Exploitation vector: Local
Public exploit:
Vulnerability #55 is being exploited in the wild.
Vulnerability #70 is being exploited in the wild.
Public exploit code for vulnerability #74 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-oracle-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-nvidia-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-nvidia (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop-5.15 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-fde-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1081-azure-fde (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1081-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1075-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1072-nvidia (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1060-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 103 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU100120

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50199

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU100734

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53055

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of uninitialized resource

EUVDB-ID: #VU100940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU100074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50160

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU100168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50257

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU100147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU100075

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50162

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU100186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50249

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU99808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU99810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50115

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU99444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50086

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, and within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU99801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50110

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the copy_to_user_auth() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU96337

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_gem_init__contexts(), gem_context_register() and finalize_create_context_locked() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU100141

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU99814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50103

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use of uninitialized resource

EUVDB-ID: #VU100194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU100185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU99812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50128

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU95561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42252

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper error handling

EUVDB-ID: #VU99833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50131

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, and within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU100618

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory leak

EUVDB-ID: #VU100705

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53088

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU100148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU100054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50168

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the sun3_82586_send_packet() function in drivers/net/ethernet/i825xx/sun3_82586.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU99168

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the SYSCALL_DEFINE1(), EXPORT_SYMBOL() and do_open_execat() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper error handling

EUVDB-ID: #VU100729

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53058

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU100613

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50267

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU100718

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53042

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

56) Out-of-bounds read

EUVDB-ID: #VU100172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50247

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU99847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU100053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50167

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU100082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Input validation error

EUVDB-ID: #VU100204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50259

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU100625

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50292

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Reachable assertion

EUVDB-ID: #VU100131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50185

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, and within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU91203

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26718

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the verity_work() and verity_end_io() functions in drivers/md/dm-verity-target.c, and within the crypt_io_init(), crypt_inc_pending(), crypt_dec_pending(), kcryptd_crypt() and kcryptd_queue_crypt() functions in drivers/md/dm-crypt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper error handling

EUVDB-ID: #VU99831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50116

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note: the vulnerability is being actively exploited in the wild against Android devices.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

71) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU100631

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Incorrect calculation

EUVDB-ID: #VU100202

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-50251

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the nft_payload_set_eval() function in net/netfilter/nft_payload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

75) Input validation error

EUVDB-ID: #VU100130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, and within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper locking

EUVDB-ID: #VU99824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU100620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Division by zero

EUVDB-ID: #VU100199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50232

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU100061

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50153

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU100073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50156

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_disp_state_dump_regs() and msm_disp_state_print() functions in drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Resource management error

EUVDB-ID: #VU100149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50193

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper locking

EUVDB-ID: #VU100077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU100626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50296

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Input validation error

EUVDB-ID: #VU100081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Input validation error

EUVDB-ID: #VU96207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42291

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ice_vc_fdir_reset_cnt_all(), ice_vc_add_fdir_fltr_post(), ice_vc_del_fdir_fltr_post() and ice_vc_add_fdir_fltr() functions in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c, and within the ice_parse_rx_flow_user_data() function in drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Out-of-bounds read

EUVDB-ID: #VU100066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50151

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Resource management error

EUVDB-ID: #VU100646

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50295

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU100059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Out-of-bounds read

EUVDB-ID: #VU100619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50278

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU100123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU100937

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53097

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __do_krealloc() function in mm/slab_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use of uninitialized resource

EUVDB-ID: #VU100195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50244

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Buffer overflow

EUVDB-ID: #VU94313

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39497

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Resource management error

EUVDB-ID: #VU99457

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU90159

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1075.71

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1072.72

linux-image-nvidia (Ubuntu package): before 5.15.0.1072.72

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1060.59

linux-image-gkeop (Ubuntu package): before 5.15.0.1060.59

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1081.79

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1081.90.58

linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90.1

linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90

linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81

linux-image-5.15.0-1072-nvidia-lowlatency (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1072-nvidia (Ubuntu package): before 5.15.0-1072.73

linux-image-5.15.0-1060-gkeop (Ubuntu package): before 5.15.0-1060.68

External links

http://ubuntu.com/security/notices/USN-7289-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


