Ubuntu update for linux-oem-6.11

1) Heap-based buffer overflow

EUVDB-ID: #VU104094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0927

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of uninitialized resource

EUVDB-ID: #VU100195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50244

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU102273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU100636

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50300

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the rtq2208_probe() function in drivers/regulator/rtq2208-regulator.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Infinite loop

EUVDB-ID: #VU99124

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49872

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the memfd_pin_folios() function in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU98951

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49956

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the destroy_workqueue() function in fs/gfs2/ops_fstype.c, within the gfs2_gl_hash_clear() function in fs/gfs2/glock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU102233

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53189

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nl80211_parse_sched_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Reachable assertion

EUVDB-ID: #VU102190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56705

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ia_css_3a_statistics_allocate() function in drivers/staging/media/atomisp/pci/sh_css_params.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU99840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50119

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cifs_init_netfs() function in fs/smb/client/cifsfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU102215

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53192

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the loongson2_clk_probe() function in drivers/clk/clk-loongson2.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU102268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56722

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the free_srqc() function in drivers/infiniband/hw/hns/hns_roce_srq.c, within the hns_roce_mr_free() function in drivers/infiniband/hw/hns/hns_roce_mr.c, within the set_rwqe_data_seg(), free_mr_modify_rsv_qp(), free_mr_post_send_lp_wqe(), free_mr_send_cmd_to_hw(), hns_roce_v2_set_abs_fields(), hns_roce_v2_modify_qp(), hns_roce_v2_query_qp(), hns_roce_v2_destroy_qp_common(), hns_roce_v2_destroy_qp(), hns_roce_v2_modify_cq() and hns_roce_v2_query_cqc() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c, within the hns_roce_table_put() function in drivers/infiniband/hw/hns/hns_roce_hem.c, within the free_cqc() function in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU98874

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49943

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the guc_submit_wedged_fini() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU100626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50296

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU99019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU99045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47752

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper error handling

EUVDB-ID: #VU99071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49937

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Double free

EUVDB-ID: #VU101230

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53140

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU100066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50151

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU99446

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50069

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU100055

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50170

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcmasp_xmit() function in drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU100203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50246

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU100165

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50217

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_close_one_device() function in fs/btrfs/volumes.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Resource management error

EUVDB-ID: #VU101233

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53125

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the find_equal_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU99441

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50084

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU98864

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50005

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_scan_worker() function in net/mac802154/scan.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU101237

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53137

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bad_syscall() and __do_cache_op() functions in arch/arm/kernel/traps.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU101222

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53133

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dc_state_create_copy() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU102272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56728

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_get_pauseparam() and otx2_set_fecparam() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU102270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56726

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cn10k_alloc_leaf_profile() function in drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU100716

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53078

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the host1x_drm_probe() function in drivers/gpu/drm/tegra/drm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU100174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50223

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU99222

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared_types.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper error handling

EUVDB-ID: #VU100238

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50263

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dup_mmap() and vma_iter_free() functions in kernel/fork.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer overflow

EUVDB-ID: #VU100140

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50206

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mtk_init_fq_dma() function in drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU98914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47751

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory leak

EUVDB-ID: #VU101980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56747

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU100181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50260

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sock_map_link_update_prog() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use of uninitialized resource

EUVDB-ID: #VU100135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50173

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the tick_ctx_cleanup() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU98977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47680

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __submit_discard_cmd() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU98923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU102132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53219

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c, within the fuse_read_args_fill(), fuse_release_user_pages(), fuse_aio_complete_req(), fuse_get_frag_size(), fuse_get_user_pages() and fuse_direct_io() functions in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU101815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53144

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_user_confirm_request_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU102063

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mgmt_set_powered_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU99815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50104

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sdm845_snd_startup() and sdm845_snd_shutdown() functions in sound/soc/qcom/sdm845.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper locking

EUVDB-ID: #VU99000

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50030

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_event_timeout() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Resource management error

EUVDB-ID: #VU100742

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53049

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the test_kmalloc_redzone_access() function in lib/slub_kunit.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU102137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53201

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU99809

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50130

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_hook_run_bpf(), bpf_nf_link_release() and bpf_nf_link_attach() functions in net/netfilter/nf_bpf_link.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU100830

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53095

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Input validation error

EUVDB-ID: #VU99227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU102356

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53216

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/nfsd/export.c. A local user can execute arbitrary code with elevated privileges.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use-after-free

EUVDB-ID: #VU100616

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50286

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_expire_session() and ksmbd_sessions_deregister() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper error handling

EUVDB-ID: #VU100634

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50284

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper locking

EUVDB-ID: #VU99027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47744

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Resource management error

EUVDB-ID: #VU100644

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50275

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Input validation error

EUVDB-ID: #VU101122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Input validation error

EUVDB-ID: #VU99226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU99835

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50111

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_ale() and die_if_kernel() functions in arch/loongarch/kernel/traps.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Integer overflow

EUVDB-ID: #VU100732

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53081

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the calc_pll() function in drivers/media/i2c/ar0521.c. A local user can execute arbitrary code.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU98975

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_mvm_ftm_set_secured_ranging() function in drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU100624

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50281

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the do_aead_crypto() function in security/keys/trusted-keys/trusted_dcp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Out-of-bounds read

EUVDB-ID: #VU101911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53156

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU100176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50225

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_bio_init() and __btrfs_bio_end_io() functions in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use-after-free

EUVDB-ID: #VU102070

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU102062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53165

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds read

EUVDB-ID: #VU98907

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49931

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Integer overflow

EUVDB-ID: #VU101110

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53111

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the mm/mremap.c. A local user can execute arbitrary code.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Off-by-one

EUVDB-ID: #VU99088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49862

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU100836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/net/tls.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU99814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50103

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Resource management error

EUVDB-ID: #VU100743

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53046

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/arm64/boot/dts/freescale/imx8ulp.dtsi. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU102012

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56678

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Incorrect calculation

EUVDB-ID: #VU102255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56749

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the ls_recover() function in fs/dlm/recoverd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Memory leak

EUVDB-ID: #VU102000

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53175

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the create_ipc_ns() function in ipc/namespace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Out-of-bounds read

EUVDB-ID: #VU98904

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn401_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU99448

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50088

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper error handling

EUVDB-ID: #VU100635

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the axienet_start_xmit_dmaengine() function in drivers/net/ethernet/xilinx/xilinx_axienet_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Out-of-bounds read

EUVDB-ID: #VU98917

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47721

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/realtek/rtw89/mac.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU100179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50240

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qmp_usb_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Buffer overflow

EUVDB-ID: #VU99460

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50076

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Input validation error

EUVDB-ID: #VU102276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56683

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_hdmi_debugfs_regs() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU101105

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53120

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_tc_ct_entry_add_rule() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Out-of-bounds read

EUVDB-ID: #VU100067

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50158

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_re_ib_get_hw_stats() function in drivers/infiniband/hw/bnxt_re/hw_counters.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper error handling

EUVDB-ID: #VU99064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50020

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Use of uninitialized resource

EUVDB-ID: #VU100731

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53083

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the qcom_pmic_typec_pdphy_pd_transmit_payload() function in drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Double free

EUVDB-ID: #VU99056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50029

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Input validation error

EUVDB-ID: #VU102265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/netfs/fscache_volume.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Buffer overflow

EUVDB-ID: #VU99154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds read

EUVDB-ID: #VU100619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50278

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU99806

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50125

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU100152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50204

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the copy_mnt_ns() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Resource management error

EUVDB-ID: #VU102252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56543

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ath12k_mac_peer_cleanup_all() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU101101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53108

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the parse_amd_vsdb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Buffer overflow

EUVDB-ID: #VU99191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the slab_update_freelist(), print_slab_info(), inc_slabs_node() and slab_free_hook() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU99812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50128

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04b (Ubuntu package): before 6.11.0-1015.15

linux-image-6.11.0-1015-oem (Ubuntu package): before 6.11.0-1015.15

• cpe:2.3:o:canonical:linux-image-oem-24_04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_11_0-1015-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7310-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Out-of-bounds read

EUVDB-ID: #VU100065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50139

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the reset_clidr() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.11 to the latest version.