Ubuntu update for linux-ibm

1) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU100620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU99062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU100130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU100613

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50267

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU100066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50151

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50039

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU100059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU94256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU95561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42252

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU90737

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47469

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper error handling

EUVDB-ID: #VU99831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50116

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper error handling

EUVDB-ID: #VU99833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50131

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use of uninitialized resource

EUVDB-ID: #VU100194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Out-of-bounds read

EUVDB-ID: #VU100619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50278

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU99808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU99224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU100053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50167

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Incorrect calculation

EUVDB-ID: #VU100202

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-50251

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: Yes

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nft_payload_set_eval() function in net/netfilter/nft_payload.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

96) Input validation error

EUVDB-ID: #VU99228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use-after-free

EUVDB-ID: #VU90159

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU100626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50296

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU99824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Input validation error

EUVDB-ID: #VU100631

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU99042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Memory leak

EUVDB-ID: #VU100054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50168

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sun3_82586_send_packet() function in drivers/net/ethernet/i825xx/sun3_82586.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

127) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU100120

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50199

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU90657

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use of uninitialized resource

EUVDB-ID: #VU100940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Input validation error

EUVDB-ID: #VU100081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Update the affected package linux-ibm to the latest version.

Ubuntu: 20.04

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1086.115

linux-image-5.4.0-1086-ibm (Ubuntu package): before 5.4.0-1086.91

• cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5_4_0-1086-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*

http://ubuntu.com/security/notices/USN-7294-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.