Ubuntu update for linux-azure-5.15
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 103 |
| CVE-ID | CVE-2024-50269 CVE-2024-50208 CVE-2024-53101 CVE-2024-50257 CVE-2024-50110 CVE-2024-39497 CVE-2024-50116 CVE-2024-50153 CVE-2024-50143 CVE-2023-52913 CVE-2024-53042 CVE-2024-41066 CVE-2024-42252 CVE-2024-50247 CVE-2024-50131 CVE-2024-50182 CVE-2024-50279 CVE-2024-50209 CVE-2024-50163 CVE-2024-50265 CVE-2024-50010 CVE-2024-50171 CVE-2024-50295 CVE-2024-53088 CVE-2024-50142 CVE-2024-50058 CVE-2024-50195 CVE-2024-50232 CVE-2024-50141 CVE-2024-50117 CVE-2024-50229 CVE-2024-53061 CVE-2024-50074 CVE-2024-50282 CVE-2024-50296 CVE-2024-50218 CVE-2024-50259 CVE-2024-26718 CVE-2024-50134 CVE-2024-50150 CVE-2024-50301 CVE-2024-40953 CVE-2024-42291 CVE-2024-50086 CVE-2024-50198 CVE-2024-50194 CVE-2024-50168 CVE-2024-50196 CVE-2024-50262 CVE-2024-50290 CVE-2024-50036 CVE-2024-50156 CVE-2024-53066 CVE-2024-50245 CVE-2024-50278 CVE-2024-50127 CVE-2024-53055 CVE-2024-50287 CVE-2024-53052 CVE-2024-35887 CVE-2024-50199 CVE-2024-50205 CVE-2024-50273 CVE-2024-50185 CVE-2024-50201 CVE-2024-50072 CVE-2024-50234 CVE-2024-50101 CVE-2024-50103 CVE-2024-50302 CVE-2024-50251 CVE-2024-53104 CVE-2024-50083 CVE-2024-50292 CVE-2024-50236 CVE-2024-50230 CVE-2024-50085 CVE-2024-50162 CVE-2024-50193 CVE-2024-50267 CVE-2024-50192 CVE-2024-50148 CVE-2024-50167 CVE-2024-50249 CVE-2024-50268 CVE-2024-53058 CVE-2024-41080 CVE-2024-50233 CVE-2024-53097 CVE-2024-50244 CVE-2024-50160 CVE-2024-50299 CVE-2024-50115 CVE-2024-53059 CVE-2024-50099 CVE-2024-50154 CVE-2024-53063 CVE-2024-50237 CVE-2024-50128 CVE-2024-40965 CVE-2024-50151 CVE-2024-50082 CVE-2024-50202 |
| CWE-ID | CWE-404 CWE-119 CWE-908 CWE-416 CWE-401 CWE-388 CWE-667 CWE-125 CWE-20 CWE-399 CWE-369 CWE-476 CWE-835 CWE-191 CWE-682 CWE-617 CWE-787 |
| Exploitation vector | Local |
| Public exploit |
Vulnerability #70 is being exploited in the wild. Public exploit code for vulnerability #71 is available. Vulnerability #72 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-cvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1081-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1081-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1075-oracle (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 103 vulnerabilities.
1) Improper resource shutdown or release
EUVDB-ID: #VU100649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50269
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU100141
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50208
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of uninitialized resource
EUVDB-ID: #VU100940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU100168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50257
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU99801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50110
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_to_user_auth() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU94313
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39497
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper error handling
EUVDB-ID: #VU99831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50116
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU100061
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50153
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use of uninitialized resource
EUVDB-ID: #VU100084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50143
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU96337
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52913
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_gem_init__contexts(), gem_context_register() and finalize_create_context_locked() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU100718
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53042
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU95561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42252
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU100172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50247
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper error handling
EUVDB-ID: #VU99833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50131
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU100147
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU100620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50279
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU100148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50209
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU100082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU100610
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU99168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50010
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYSCALL_DEFINE1(), EXPORT_SYMBOL() and do_open_execat() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU100056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU100646
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50295
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU100705
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53088
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU100081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU99205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50058
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU100150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Division by zero
EUVDB-ID: #VU100199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50232
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU100077
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50141
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU100183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU100733
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU99445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50074
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU100638
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50282
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU100626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50296
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU100187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Input validation error
EUVDB-ID: #VU100204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50259
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU91203
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26718
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the verity_work() and verity_end_io() functions in drivers/md/dm-verity-target.c, within the crypt_io_init(), crypt_inc_pending(), crypt_dec_pending(), kcryptd_crypt() and kcryptd_queue_crypt() functions in drivers/md/dm-crypt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU99837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU100059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50150
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU100622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU94236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40953
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU96207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ice_vc_fdir_reset_cnt_all(), ice_vc_add_fdir_fltr_post(), ice_vc_del_fdir_fltr_post() and ice_vc_add_fdir_fltr() functions in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c, within the ice_parse_rx_flow_user_data() function in drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU99444
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU100123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50198
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU100146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50194
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Memory leak
EUVDB-ID: #VU100054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50168
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sun3_82586_send_packet() function in drivers/net/ethernet/i825xx/sun3_82586.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Infinite loop
EUVDB-ID: #VU100142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50196
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU100173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50262
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Integer underflow
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU100073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50156
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_disp_state_dump_regs() and msm_disp_state_print() functions in drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use of uninitialized resource
EUVDB-ID: #VU100730
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53066
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU100185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50245
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU100619
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50278
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU99808
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50127
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Infinite loop
EUVDB-ID: #VU100734
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53055
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Division by zero
EUVDB-ID: #VU100639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50287
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU100720
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53052
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU90159
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU100120
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50199
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use of uninitialized resource
EUVDB-ID: #VU100136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) NULL pointer dereference
EUVDB-ID: #VU100623
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Reachable assertion
EUVDB-ID: #VU100131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50185
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Resource management error
EUVDB-ID: #VU100151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Resource management error
EUVDB-ID: #VU99457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50072
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU100184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50234
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Input validation error
EUVDB-ID: #VU99847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50101
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU99814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50103
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory leak
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
71) Incorrect calculation
EUVDB-ID: #VU100202
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-50251
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nft_payload_set_eval() function in net/netfilter/nft_payload.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
72) Out-of-bounds write
EUVDB-ID: #VU101102
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53104
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
73) Resource management error
EUVDB-ID: #VU99458
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50083
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU100625
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50292
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Memory leak
EUVDB-ID: #VU100162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Input validation error
EUVDB-ID: #VU100188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Use-after-free
EUVDB-ID: #VU99443
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) NULL pointer dereference
EUVDB-ID: #VU100075
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50162
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Resource management error
EUVDB-ID: #VU100149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50193
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Use-after-free
EUVDB-ID: #VU100613
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50267
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Resource management error
EUVDB-ID: #VU100144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Resource management error
EUVDB-ID: #VU100087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Memory leak
EUVDB-ID: #VU100053
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50167
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU100186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50249
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU100618
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50268
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Improper error handling
EUVDB-ID: #VU100729
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53058
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper locking
EUVDB-ID: #VU94990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41080
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Division by zero
EUVDB-ID: #VU100200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50233
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU100937
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53097
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __do_krealloc() function in mm/slab_common.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use of uninitialized resource
EUVDB-ID: #VU100195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50244
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) NULL pointer dereference
EUVDB-ID: #VU100074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50160
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Input validation error
EUVDB-ID: #VU100631
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Out-of-bounds read
EUVDB-ID: #VU99810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50115
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Input validation error
EUVDB-ID: #VU100728
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53059
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU99824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50099
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU100062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Resource management error
EUVDB-ID: #VU100741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Use of uninitialized resource
EUVDB-ID: #VU100194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50237
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Out-of-bounds read
EUVDB-ID: #VU99812
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50128
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Improper locking
EUVDB-ID: #VU94276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Out-of-bounds read
EUVDB-ID: #VU100066
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50151
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU99451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50082
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Input validation error
EUVDB-ID: #VU100130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50202
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1075.81~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1081.90~20.04.1.57
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1081.90~20.04.1
linux-image-5.15.0-1081-azure-fde (Ubuntu package): before 5.15.0-1081.90~20.04.1.1
linux-image-5.15.0-1081-azure (Ubuntu package): before 5.15.0-1081.90~20.04.1
linux-image-5.15.0-1075-oracle (Ubuntu package): before 5.15.0-1075.81~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-cvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure-fde_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1081-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-1075-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7289-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
