Ubuntu update for linux-lowlatency-hwe-6.11
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 311 |
| CVE-ID | CVE-2025-0927 CVE-2024-56712 CVE-2024-56761 CVE-2025-21661 CVE-2024-56565 CVE-2024-57804 CVE-2024-57887 CVE-2025-21642 CVE-2024-56779 CVE-2025-21656 CVE-2024-57890 CVE-2024-36476 CVE-2024-57843 CVE-2024-56594 CVE-2024-41932 CVE-2025-21653 CVE-2024-56567 CVE-2024-56665 CVE-2024-54191 CVE-2024-57893 CVE-2024-57932 CVE-2024-56656 CVE-2024-57945 CVE-2024-57931 CVE-2024-56599 CVE-2024-57897 CVE-2024-57903 CVE-2024-57918 CVE-2024-57795 CVE-2024-56662 CVE-2025-21639 CVE-2024-55881 CVE-2024-57889 CVE-2024-57884 CVE-2024-57934 CVE-2024-39282 CVE-2024-56718 CVE-2024-56644 CVE-2024-56760 CVE-2024-43098 CVE-2024-47143 CVE-2024-55642 CVE-2024-56634 CVE-2024-56564 CVE-2024-56768 CVE-2024-56649 CVE-2024-57919 CVE-2024-56620 CVE-2024-56625 CVE-2024-56655 CVE-2024-56772 CVE-2025-21637 CVE-2024-56617 CVE-2024-57879 CVE-2024-56715 CVE-2024-56550 CVE-2024-50051 CVE-2024-56673 CVE-2024-51729 CVE-2025-21664 CVE-2025-21649 CVE-2024-56605 CVE-2024-56622 CVE-2024-56591 CVE-2024-56782 CVE-2024-57801 CVE-2024-56664 CVE-2024-57916 CVE-2024-53680 CVE-2024-57926 CVE-2024-56637 CVE-2024-56769 CVE-2024-57924 CVE-2024-56648 CVE-2024-57872 CVE-2024-56593 CVE-2024-57913 CVE-2024-53682 CVE-2024-56670 CVE-2024-56767 CVE-2024-56778 CVE-2024-56777 CVE-2025-21658 CVE-2025-21646 CVE-2024-48875 CVE-2024-56758 CVE-2024-56604 CVE-2024-56787 CVE-2024-56581 CVE-2025-21635 CVE-2024-56641 CVE-2024-56608 CVE-2024-57885 CVE-2024-56716 CVE-2024-56671 CVE-2024-56559 CVE-2025-21633 CVE-2024-56372 CVE-2024-57888 CVE-2024-56623 CVE-2025-21638 CVE-2024-56600 CVE-2024-56647 CVE-2025-21659 CVE-2024-41935 CVE-2024-56624 CVE-2024-56574 CVE-2025-21648 CVE-2024-56621 CVE-2024-54460 CVE-2024-56659 CVE-2024-47141 CVE-2024-57805 CVE-2024-57792 CVE-2024-45828 CVE-2024-53681 CVE-2024-56568 CVE-2024-56764 CVE-2025-21650 CVE-2024-56601 CVE-2024-56663 CVE-2025-21660 CVE-2025-21629 CVE-2024-56595 CVE-2024-57917 CVE-2024-53685 CVE-2024-57882 CVE-2024-57894 CVE-2024-56651 CVE-2024-56657 CVE-2024-57876 CVE-2024-56717 CVE-2024-57935 CVE-2024-56667 CVE-2024-57910 CVE-2024-57793 CVE-2024-56631 CVE-2024-56638 CVE-2025-21640 CVE-2024-56710 CVE-2024-56583 CVE-2024-56557 CVE-2024-56658 CVE-2025-21632 CVE-2024-56645 CVE-2024-56646 CVE-2024-56640 CVE-2024-57944 CVE-2024-56598 CVE-2024-57857 CVE-2024-56709 CVE-2024-56654 CVE-2024-57809 CVE-2024-57895 CVE-2025-21834 CVE-2024-56763 CVE-2024-48881 CVE-2024-57841 CVE-2024-57878 CVE-2024-56774 CVE-2024-57791 CVE-2024-56575 CVE-2024-56619 CVE-2024-56570 CVE-2024-56616 CVE-2024-56569 CVE-2025-21636 CVE-2024-56572 CVE-2024-56552 CVE-2024-56596 CVE-2025-21654 CVE-2024-56573 CVE-2024-56784 CVE-2024-56626 CVE-2024-56642 CVE-2024-56643 CVE-2024-56719 CVE-2024-56632 CVE-2024-57839 CVE-2024-56578 CVE-2024-53690 CVE-2024-56609 CVE-2024-56562 CVE-2024-56589 CVE-2024-56781 CVE-2024-56672 CVE-2024-56775 CVE-2024-56713 CVE-2024-56580 CVE-2024-57874 CVE-2024-56369 CVE-2024-56711 CVE-2025-21651 CVE-2024-56584 CVE-2024-57904 CVE-2024-54680 CVE-2024-56577 CVE-2024-56558 CVE-2024-56780 CVE-2024-58087 CVE-2024-57892 CVE-2025-21644 CVE-2024-57911 CVE-2024-56579 CVE-2025-21663 CVE-2024-56618 CVE-2024-56766 CVE-2024-56653 CVE-2025-21655 CVE-2024-56669 CVE-2024-56759 CVE-2024-48876 CVE-2025-21631 CVE-2024-56765 CVE-2024-56770 CVE-2024-57838 CVE-2025-21634 CVE-2024-56650 CVE-2024-57939 CVE-2024-56606 CVE-2024-56610 CVE-2025-21662 CVE-2024-56785 CVE-2024-55916 CVE-2025-21643 CVE-2024-56586 CVE-2024-56582 CVE-2024-56614 CVE-2024-49571 CVE-2024-49569 CVE-2024-57798 CVE-2024-56633 CVE-2024-55641 CVE-2025-21647 CVE-2025-21652 CVE-2024-56757 CVE-2024-56597 CVE-2024-47794 CVE-2024-57902 CVE-2024-57925 CVE-2024-54683 CVE-2024-57938 CVE-2024-56615 CVE-2024-57906 CVE-2024-53687 CVE-2024-57899 CVE-2024-56783 CVE-2024-56786 CVE-2024-56635 CVE-2024-56551 CVE-2024-53179 CVE-2024-56588 CVE-2024-47408 CVE-2024-57849 CVE-2024-52319 CVE-2024-56576 CVE-2024-57905 CVE-2024-57946 CVE-2024-56607 CVE-2024-57806 CVE-2024-57933 CVE-2024-55639 CVE-2024-56561 CVE-2024-48873 CVE-2024-52332 CVE-2025-21645 CVE-2024-56602 CVE-2024-56590 CVE-2024-57799 CVE-2024-57929 CVE-2024-56639 CVE-2024-56613 CVE-2024-56675 CVE-2024-57912 CVE-2024-57883 CVE-2024-56636 CVE-2024-56592 CVE-2024-57802 CVE-2024-54455 CVE-2024-57908 CVE-2024-56603 CVE-2024-57875 CVE-2024-56773 CVE-2024-47809 CVE-2024-56630 CVE-2024-56587 CVE-2024-56627 CVE-2024-57921 CVE-2024-56660 CVE-2024-56771 CVE-2024-57886 CVE-2024-57896 CVE-2024-57807 CVE-2024-57907 CVE-2024-49568 CVE-2024-54193 CVE-2024-56652 CVE-2024-57940 CVE-2024-57898 CVE-2024-57901 CVE-2024-56714 CVE-2024-56566 CVE-2024-56563 CVE-2024-56368 CVE-2024-56611 CVE-2024-56776 CVE-2024-57850 CVE-2024-56629 CVE-2024-57881 CVE-2024-57880 CVE-2024-57900 |
| CWE-ID | CWE-122 CWE-401 CWE-667 CWE-476 CWE-119 CWE-416 CWE-908 CWE-190 CWE-399 CWE-125 CWE-369 CWE-20 CWE-388 CWE-269 CWE-415 CWE-362 CWE-617 CWE-682 CWE-665 CWE-191 CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-lowlatency-hwe-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.11.0-1011-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 311 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU104094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-0927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU101987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56712
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_memfd_seals(), export_udmabuf() and udmabuf_create() functions in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU102399
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56761
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_user_cp_fault() and do_kernel_cp_fault() functions in arch/x86/kernel/cet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU103118
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21661
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpio_virtuser_make_lookup_table(), gpio_virtuser_device_activate() and gpio_virtuser_device_deactivate() functions in drivers/gpio/gpio-virtuser.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU102128
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56565
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the f2fs_freeze() function in fs/f2fs/super.c, within the __submit_discard_cmd() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU102976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57804
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mpi3mr_read_tsu_interval(), mpi3mr_free_mem(), mpi3mr_free_config_dma_memory() and mpi3mr_process_cfg_req() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU102907
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adv7533_parse_dt() function in drivers/gpu/drm/bridge/adv7511/adv7533.c, within the adv7511_probe(), i2c_unregister_device() and adv7511_remove() functions in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU103029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21642
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mptcp_pernet_set_defaults(), mptcp_set_scheduler() and proc_scheduler() functions in net/mptcp/ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU102477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56779
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU103132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21656
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the drivetemp_scsi_command() function in drivers/hwmon/drivetemp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow
EUVDB-ID: #VU102963
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57890
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the uverbs_request_next_ptr(), ib_uverbs_post_send() and ib_uverbs_unmarshall_recv() functions in drivers/infiniband/core/uverbs_cmd.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU102920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36476
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_io_resp_imm() function in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU102967
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the virtnet_rq_alloc(), add_recvbuf_small() and add_recvbuf_mergeable() functions in drivers/net/virtio_net.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU102160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU102983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41932
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __sched_setaffinity() function in kernel/sched/syscalls.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU103016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21653
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/cls_flow.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Division by zero
EUVDB-ID: #VU102216
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56567
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU102188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56665
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU102943
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54191
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iso_conn_big_sync() and iso_sock_recvmsg() functions in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU102918
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57893
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEFINE_SPINLOCK() and snd_seq_oss_synth_sysex() functions in sound/core/seq/oss/seq_oss_synth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU103123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57932
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_xdp_xmit() function in drivers/net/ethernet/google/gve/gve_tx.c, within the gve_turndown() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper error handling
EUVDB-ID: #VU102202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56656
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the drivers/net/ethernet/broadcom/bnxt/bnxt.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU103119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57945
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL(), setup_bootmem() and setup_vm() functions in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper privilege management
EUVDB-ID: #VU103139
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57931
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU102108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56599
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath10k_sdio_remove() function in drivers/net/wireless/ath/ath10k/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU102932
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57897
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_migrate_copy_to_vram() and svm_migrate_copy_to_ram() functions in drivers/gpu/drm/amd/amdkfd/kfd_migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU102931
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57903
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_setsockopt() function in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU103032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57918
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the remove_all_phantom_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c, within the dc_state_add_plane(), dc_state_rem_all_planes_for_stream() and dc_state_rem_all_phantom_planes_for_stream() functions in drivers/gpu/drm/amd/display/dc/core/dc_state.c, within the commit_minimal_transition_based_on_current_context() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU102906
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57795
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_query_port(), rxe_enable_driver(), INIT_RDMA_OBJ_SIZE() and rxe_register_device() functions in drivers/infiniband/sw/rxe/rxe_verbs.c, within the rxe_parent_name(), rxe_net_add() and rxe_port_down() functions in drivers/infiniband/sw/rxe/rxe_net.c, within the rxe_mcast_add() function in drivers/infiniband/sw/rxe/rxe_mcast.c, within the rxe_dealloc(), rxe_init_device_param(), rxe_init_port_param() and rxe_set_mtu() functions in drivers/infiniband/sw/rxe/rxe.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU102077
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56662
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU103026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21639
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource management error
EUVDB-ID: #VU102984
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55881
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the complete_hypercall_exit() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU102935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57889
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU102909
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU103125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57934
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __ftrace_return_to_handler() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Resource management error
EUVDB-ID: #VU102972
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39282
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the t7xx_fsm_broadcast_state(), fsm_main_thread() and t7xx_fsm_append_cmd() functions in drivers/net/wwan/t7xx/t7xx_state_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Double free
EUVDB-ID: #VU102191
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56718
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the smcr_link_down_cond_sched() and smc_link_down_work() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Memory leak
EUVDB-ID: #VU101992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56644
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU102403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56760
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __pci_enable_msi_range() function in drivers/pci/msi/msi.c, within the pci_msi_domain_supports() function in drivers/pci/msi/irqdomain.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU102941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i3c_device_uevent() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU102949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47143
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU102939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55642
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the BLK_ZONE_WPLUG_PLUGGED(), blkdev_report_zones(), disk_put_zone_wplug(), disk_should_remove_zone_wplug(), INIT_HLIST_NODE(), disk_zone_wplug_abort(), disk_zone_wplug_sync_wp_offset(), blk_zone_wplug_handle_reset_or_finish(), blk_zone_wplug_handle_reset_all(), blk_zone_wplug_prepare_bio(), blk_zone_wplug_handle_write(), disk_zone_wplug_unplug_bio(), blk_zone_write_plug_bio_endio(), blk_zone_wplug_bio_work(), disk_zone_wplugs_hash_size(), disk_free_zone_resources(), blk_revalidate_seq_zone() and blk_revalidate_disk_zones() functions in block/blk-zoned.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU102115
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56634
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the grgpio_probe() function in drivers/gpio/gpio-grgpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Memory leak
EUVDB-ID: #VU101997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56564
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the send_flush_mdlog() and ceph_mds_check_access() functions in fs/ceph/mds_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU102407
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56768
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the BPF_MOV32_IMM() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU102117
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56649
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Division by zero
EUVDB-ID: #VU103042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57919
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dm_get_plane_scale() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU102112
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56620
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufs_qcom_probe() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU102244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56625
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU102161
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56655
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_tables_newtable(), nf_tables_rule_destroy(), nf_tables_deactivate_set(), __nft_release_basechain_now() and __nft_release_basechain() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU102478
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56772
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kunit_debugfs_create_suite() function in lib/kunit/debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU103024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU102111
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56617
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the last_level_cache_is_valid(), populate_cache_leaves() and init_level_allocate_ci() functions in drivers/base/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Input validation error
EUVDB-ID: #VU102989
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57879
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iso_listen_bis() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Memory leak
EUVDB-ID: #VU101986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56715
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ionic_lif_register() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Input validation error
EUVDB-ID: #VU102278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56550
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch_stack_walk_user_common() function in arch/s390/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU102917
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Input validation error
EUVDB-ID: #VU102189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the free_pte_table(), free_pmd_table() and remove_pud_mapping() functions in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Memory leak
EUVDB-ID: #VU102900
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-51729
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the folio_zero_user() function in mm/memory.c, within the copy_user_large_folio() and hugetlb_mfill_atomic_pte() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds read
EUVDB-ID: #VU103120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_first_thin() function in drivers/md/dm-thin.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU103031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21649
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_set_tx_info() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU102020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56605
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Input validation error
EUVDB-ID: #VU102283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read_req_latency_avg_show() and write_req_latency_avg_show() functions in drivers/ufs/core/ufs-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Input validation error
EUVDB-ID: #VU102282
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56591
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_conn_del() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL pointer dereference
EUVDB-ID: #VU102487
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56782
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_quirk_skip_serdev_enumeration() function in drivers/acpi/x86/utils.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU102908
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_esw_for_each_rep() function in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c, within the mlx5_esw_ipsec_restore_dest_uplink() function in drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU102034
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56664
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_map_lookup_sys() function in net/core/sock_map.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU103044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57916
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU102928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53680
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU103010
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57926
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dev_put() function in drivers/gpu/drm/mediatek/mtk_drm_drv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Race condition
EUVDB-ID: #VU102219
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56637
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper error handling
EUVDB-ID: #VU102401
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56769
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MODULE_PARM_DESC() function in drivers/media/dvb-frontends/dib3000mb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Reachable assertion
EUVDB-ID: #VU103038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57924
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Out-of-bounds read
EUVDB-ID: #VU102079
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56648
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Memory leak
EUVDB-ID: #VU102896
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57872
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_remove() function in drivers/ufs/host/ufshcd-pltfrm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU102107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Resource management error
EUVDB-ID: #VU103049
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57913
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the functionfs_bind() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Input validation error
EUVDB-ID: #VU102986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53682
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the AXP_DESC() and AXP_DESC_RANGES() functions in drivers/regulator/axp20x-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU102122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56670
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_start_io() function in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Use-after-free
EUVDB-ID: #VU102397
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56767
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at_xdmac_prep_dma_memset() function in drivers/dma/at_xdmac.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU102486
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56778
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_hqvdp_atomic_check() function in drivers/gpu/drm/sti/sti_hqvdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU102485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56777
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_gdp_atomic_check() function in drivers/gpu/drm/sti/sti_gdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU103122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21658
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Resource management error
EUVDB-ID: #VU103051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21646
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the afs_deliver_yfsvl_get_cell_name() function in fs/afs/vlclient.c, within the afs_vl_get_cell_name() and yfs_check_canonical_cell_name() functions in fs/afs/vl_alias.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU102948
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_map_block() function in fs/btrfs/volumes.c, within the btrfs_dev_replace_start() and list_add() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU102398
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56758
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU102019
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56604
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Resource management error
EUVDB-ID: #VU102495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56787
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx8mq_soc_revision_from_atf(), imx8mq_soc_revision(), imx8mm_soc_uid(), kasprintf(), imx8_soc_init() and kfree() functions in drivers/soc/imx/soc-imx8m.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU102044
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56581
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU103022
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21635
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ATOMIC_INIT(), sizeof(), rds_tcp_sysctl_reset() and rds_tcp_skbuf_handler() functions in net/rds/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Resource management error
EUVDB-ID: #VU102228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56641
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Out-of-bounds read
EUVDB-ID: #VU102076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn21_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Memory leak
EUVDB-ID: #VU102894
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57885
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_unreferenced() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Incorrect calculation
EUVDB-ID: #VU102256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56716
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nsim_dev_health_break_write() function in drivers/net/netdevsim/health.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper Initialization
EUVDB-ID: #VU102221
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56671
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the gnr_gpio_irq_set_type() and gnr_gpio_probe() functions in drivers/gpio/gpio-graniterapids.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improper locking
EUVDB-ID: #VU102171
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56559
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the decay_va_pool_node() and purge_vmap_node() functions in mm/vmalloc.c, within the kasan_depopulate_vmalloc_pte() and kasan_release_vmalloc() functions in mm/kasan/shadow.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU103012
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_sq_thread() function in io_uring/sqpoll.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper error handling
EUVDB-ID: #VU102959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56372
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tun_napi_alloc_frags() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Buffer overflow
EUVDB-ID: #VU102977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57888
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the workqueue_softirq_dead(), __flush_workqueue() and start_flush_work() functions in kernel/workqueue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU102023
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) NULL pointer dereference
EUVDB-ID: #VU103025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21638
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU102016
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Input validation error
EUVDB-ID: #VU102186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56647
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the icmp_route_lookup() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Input validation error
EUVDB-ID: #VU103142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the netdev_nl_napi_fill_one() and netdev_nl_napi_get_doit() functions in net/core/netdev-genl.c, within the dev_fill_forward_path() and napi_complete_done() functions in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Input validation error
EUVDB-ID: #VU102995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41935
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __grab_extent_tree(), __destroy_extent_node(), __update_extent_tree_range(), write_unlock(), __shrink_extent_tree(), f2fs_shrink_age_extent_tree(), f2fs_destroy_extent_node() and __drop_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Memory leak
EUVDB-ID: #VU101994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56624
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the put_unused_fd() function in drivers/iommu/iommufd/fault.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) NULL pointer dereference
EUVDB-ID: #VU102125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Buffer overflow
EUVDB-ID: #VU103047
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21648
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_ct_alloc_hashtable() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU102113
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56621
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_remove() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Improper locking
EUVDB-ID: #VU102942
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54460
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iso_listen_bis() and iso_sock_listen() functions in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper error handling
EUVDB-ID: #VU102201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56659
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/lapb.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) NULL pointer dereference
EUVDB-ID: #VU102924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pr_fmt(), pinmux_can_be_used_for_gpio(), pin_request(), pin_free(), pinmux_enable_setting(), pinmux_disable_setting() and pinmux_pins_show() functions in drivers/pinctrl/pinmux.c, within the pinctrl_register_one_pin() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Input validation error
EUVDB-ID: #VU102987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57805
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hda_dai_get_ops(), hda_link_dma_cleanup(), hda_dai_hw_free(), hda_dai_trigger() and hda_dai_suspend() functions in sound/soc/sof/intel/hda-dai.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Buffer overflow
EUVDB-ID: #VU102978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57792
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the set_charge_current_limit() function in drivers/power/supply/gpio-charger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) NULL pointer dereference
EUVDB-ID: #VU102922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45828
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_dma_cleanup() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Buffer overflow
EUVDB-ID: #VU102966
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53681
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvmet_root_discovery_nqn_store() function in drivers/nvme/target/configfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU102127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56568
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Use-after-free
EUVDB-ID: #VU102395
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56764
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ublk_unquiesce_dev(), ublk_stop_dev() and ublk_ctrl_start_dev() functions in drivers/block/ublk_drv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Out-of-bounds read
EUVDB-ID: #VU103015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclgevf_get_regs_len() and hclgevf_get_regs() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_regs.c, within the hclge_fetch_pf_reg() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Use-after-free
EUVDB-ID: #VU102015
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56601
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Input validation error
EUVDB-ID: #VU102187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_NESTED_ARRAY() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Buffer overflow
EUVDB-ID: #VU103138
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21660
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ksmbd_vfs_kern_path_locked() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Resource management error
EUVDB-ID: #VU102981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21629
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the skb_csum_hwoffload_help() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Out-of-bounds read
EUVDB-ID: #VU102088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Input validation error
EUVDB-ID: #VU103478
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57917
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an unspecified issue in drivers/base/topology.c. A local user can gain access to sensitive information.
Update the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Improper locking
EUVDB-ID: #VU102945
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53685
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/ceph/mds_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU102921
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57882
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mptcp_established_options_add_addr() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper locking
EUVDB-ID: #VU102933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57894
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sco_connect_ind() and sco_connect_cfm() functions in net/bluetooth/sco.c, within the rfcomm_run() and rfcomm_security_cfm() functions in net/bluetooth/rfcomm/core.c, within the l2cap_global_fixed_chan(), l2cap_connect_cfm() and l2cap_disconn_ind() functions in net/bluetooth/l2cap_core.c, within the iso_match() function in net/bluetooth/iso.c, within the DEFINE_RWLOCK(), hci_register_cb() and hci_unregister_cb() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU102030
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56651
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hi3110_can_ist() function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Resource management error
EUVDB-ID: #VU102246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56657
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the snd_ctl_led_sysfs_add() function in sound/core/control_led.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper locking
EUVDB-ID: #VU102936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57876
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Resource management error
EUVDB-ID: #VU102242
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56717
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocelot_ifh_set_basic() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Input validation error
EUVDB-ID: #VU103143
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57935
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the put_dip_ctx_idx() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) NULL pointer dereference
EUVDB-ID: #VU102121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56667
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the capture_engine() function in drivers/gpu/drm/i915/i915_gpu_error.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Memory leak
EUVDB-ID: #VU103006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vcnl4035_trigger_consumer_handler() function in drivers/iio/light/vcnl4035.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Memory leak
EUVDB-ID: #VU102902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57793
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the alloc_quote_buf() function in drivers/virt/coco/tdx-guest/tdx-guest.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Use-after-free
EUVDB-ID: #VU102024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Input validation error
EUVDB-ID: #VU102185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_inner_parse() and nft_inner_parse_needed() functions in net/netfilter/nft_inner.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU103027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21640
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Memory leak
EUVDB-ID: #VU101988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56710
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __ceph_sync_read() and ceph_direct_read_write() functions in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Resource management error
EUVDB-ID: #VU102243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56583
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the enqueue_dl_entity() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Buffer overflow
EUVDB-ID: #VU102213
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56557
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __aligned() function in drivers/iio/adc/ad7923.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Use-after-free
EUVDB-ID: #VU102033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56658
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Memory leak
EUVDB-ID: #VU103009
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ssp_get() function in arch/x86/kernel/fpu/regset.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Integer underflow
EUVDB-ID: #VU102210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56645
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) NULL pointer dereference
EUVDB-ID: #VU102116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the inet6_rtm_deladdr(), modify_prefix_route() and inet6_addr_modify() functions in net/ipv6/addrconf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU102027
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56640
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) NULL pointer dereference
EUVDB-ID: #VU103121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57944
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ads1298_init() function in drivers/iio/adc/ti-ads1298.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Out-of-bounds read
EUVDB-ID: #VU102085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Use-after-free
EUVDB-ID: #VU102910
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the siw_query_device(), siw_query_port() and siw_query_qp() functions in drivers/infiniband/sw/siw/siw_verbs.c, within the siw_device_create(), siw_netdev_event() and siw_newlink() functions in drivers/infiniband/sw/siw/siw_main.c, within the siw_create_listen() and siw_cep_set_free_and_put() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Improper locking
EUVDB-ID: #VU102155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56709
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_queue_iowq() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Incorrect calculation
EUVDB-ID: #VU102257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56654
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hci_le_create_big_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Improper error handling
EUVDB-ID: #VU102957
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the IMX_PCIE_FLAG_HAS_SERDES BIT(), imx_pcie_suspend_noirq() and imx_pcie_resume_noirq() functions in drivers/pci/controller/dwc/pci-imx6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Resource management error
EUVDB-ID: #VU102980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57895
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the set_file_basic_info() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Resource management error
EUVDB-ID: #VU105426
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21834
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the seccomp_is_const_allow() and seccomp_log() functions in kernel/seccomp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Resource management error
EUVDB-ID: #VU102404
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tracing_cpumask_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) NULL pointer dereference
EUVDB-ID: #VU102927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Memory leak
EUVDB-ID: #VU102892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57841
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Memory leak
EUVDB-ID: #VU102899
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57878
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fpmr_set() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU102483
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56774
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Input validation error
EUVDB-ID: #VU102990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57791
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) NULL pointer dereference
EUVDB-ID: #VU102124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56575
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Use-after-free
EUVDB-ID: #VU102022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Input validation error
EUVDB-ID: #VU102280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56570
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Out-of-bounds read
EUVDB-ID: #VU102082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56616
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) NULL pointer dereference
EUVDB-ID: #VU102126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56569
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) NULL pointer dereference
EUVDB-ID: #VU103023
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21636
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Memory leak
EUVDB-ID: #VU101996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56572
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the allocate_buffers_internal() function in drivers/media/platform/allegro-dvt/allegro-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Improper locking
EUVDB-ID: #VU102172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56552
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the handle_sched_done() function in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Out-of-bounds read
EUVDB-ID: #VU102087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56596
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Reachable assertion
EUVDB-ID: #VU103039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21654
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_connect_layer(), ovl_check_encode_origin(), ovl_dentry_to_fid() and ovl_encode_fh() functions in fs/overlayfs/export.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Double free
EUVDB-ID: #VU102193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56573
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the efi_handle_cmdline() function in drivers/firmware/efi/libstub/efi-stub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Out-of-bounds read
EUVDB-ID: #VU102481
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56784
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn35_notify_host_router_bw() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Out-of-bounds read
EUVDB-ID: #VU102081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_write() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Use-after-free
EUVDB-ID: #VU102029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56642
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Memory leak
EUVDB-ID: #VU101989
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Use-after-free
EUVDB-ID: #VU102009
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56719
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Memory leak
EUVDB-ID: #VU101993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_stop_keep_alive() function in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Resource management error
EUVDB-ID: #VU102982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57839
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the page_cache_ra_order() function in mm/readahead.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Improper error handling
EUVDB-ID: #VU102206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56578
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mxc_jpeg_probe() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Integer underflow
EUVDB-ID: #VU102965
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53690
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nilfs_lookup() function in fs/nilfs2/namei.c, within the nilfs_iget() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Improper locking
EUVDB-ID: #VU102165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56609
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtw_usb_tx_handler() and rtw_usb_deinit_tx() functions in drivers/net/wireless/realtek/rtw88/usb.c, within the rtw_sdio_deinit_tx() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Input validation error
EUVDB-ID: #VU102279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Improper locking
EUVDB-ID: #VU102168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cq_thread_v3_hw() function in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Resource management error
EUVDB-ID: #VU102492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56781
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fixup_device_tree_chrp(), fixup_device_tree_pmac() and fixup_device_tree() functions in arch/powerpc/kernel/prom_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Use-after-free
EUVDB-ID: #VU102035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56672
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the blkcg_unpin_online() function in block/blk-cgroup.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Memory leak
EUVDB-ID: #VU102476
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the restore_planes_and_stream_state() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Input validation error
EUVDB-ID: #VU102274
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56713
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nsim_pp_hold_write() function in drivers/net/netdevsim/netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) NULL pointer dereference
EUVDB-ID: #VU102105
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56580
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the camss_configure_pd() function in drivers/media/platform/qcom/camss/camss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Memory leak
EUVDB-ID: #VU102897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57874
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tagged_addr_ctrl_get() and tagged_addr_ctrl_set() functions in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Division by zero
EUVDB-ID: #VU102970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56369
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the EXPORT_SYMBOL() and drm_mode_vrefresh() functions in drivers/gpu/drm/drm_modes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU102093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56711
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hx83102_get_modes() function in drivers/gpu/drm/panel/panel-himax-hx83102.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Resource management error
EUVDB-ID: #VU103046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21651
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_misc_irq_init(), hclge_init_ae_dev() and hclge_uninit_ae_dev() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Use-after-free
EUVDB-ID: #VU102038
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_init_wq_offload() function in io_uring/tctx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Resource management error
EUVDB-ID: #VU103048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57904
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the at91_ts_register() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Use-after-free
EUVDB-ID: #VU102916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) NULL pointer dereference
EUVDB-ID: #VU102123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56577
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_jpegdec_hw_init_irq() and mtk_jpegdec_hw_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c, within the mtk_jpeg_single_core_init() and mtk_jpeg_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Use-after-free
EUVDB-ID: #VU102042
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56558
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Improper locking
EUVDB-ID: #VU102489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dquot_writeback_dquots() function in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Improper locking
EUVDB-ID: #VU105671
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58087
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_session_id(), smb2_check_user_session(), smb2_sess_setup(), smb2_session_logoff() and smb3_decrypt_req() functions in fs/ksmbd/smb2pdu.c, within the ksmbd_session_lookup() and ksmbd_session_lookup_slowpath() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_get_encryption_key() function in fs/ksmbd/auth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Use-after-free
EUVDB-ID: #VU102905
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brelse() function in fs/ocfs2/quota_local.c, within the ocfs2_get_next_id() function in fs/ocfs2/quota_global.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) NULL pointer dereference
EUVDB-ID: #VU103030
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21644
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xe_gt_tlb_fence_timeout() function in drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c, within the xe_gt_init_early() and xe_gt_init() functions in drivers/gpu/drm/xe/xe_gt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Memory leak
EUVDB-ID: #VU103007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57911
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_simple_dummy_trigger_h() function in drivers/iio/dummy/iio_simple_dummy_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Improper error handling
EUVDB-ID: #VU102205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56579
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Improper locking
EUVDB-ID: #VU103130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21663
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the MAC_SBD_INTR BIT(), tegra_mgbe_resume() and tegra_mgbe_probe() functions in drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Improper locking
EUVDB-ID: #VU102163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56618
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_pgc_power_up() function in drivers/pmdomain/imx/gpcv2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Double free
EUVDB-ID: #VU102400
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56766
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the atmel_pmecc_create_user() function in drivers/mtd/nand/raw/atmel/pmecc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Use-after-free
EUVDB-ID: #VU102032
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56653
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Incorrect calculation
EUVDB-ID: #VU103087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21655
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the io_queue_deferred() and io_eventfd_ops() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Memory leak
EUVDB-ID: #VU101990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the device_block_translation() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Use-after-free
EUVDB-ID: #VU102393
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56759
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_force_cow_block() and btrfs_cow_block() functions in fs/btrfs/ctree.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Improper locking
EUVDB-ID: #VU102947
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48876
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stack_depot_save_flags() function in lib/stackdepot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Use-after-free
EUVDB-ID: #VU103011
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_waker_bfqq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Use-after-free
EUVDB-ID: #VU102396
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56765
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vas_mmap_fault() function in arch/powerpc/platforms/book3s/vas-api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Resource management error
EUVDB-ID: #VU102490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56770
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Improper error handling
EUVDB-ID: #VU102958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57838
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Improper locking
EUVDB-ID: #VU103035
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cpuset_write_resmask() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Out-of-bounds read
EUVDB-ID: #VU102078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Improper locking
EUVDB-ID: #VU103126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK() and die() functions in arch/riscv/kernel/traps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Use-after-free
EUVDB-ID: #VU102021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Improper locking
EUVDB-ID: #VU102164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56610
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), kcsan_skip_report_debugfs(), set_report_filterlist_whitelist(), insert_report_filterlist() and show_info() functions in kernel/kcsan/debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Improper locking
EUVDB-ID: #VU103129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cmd_work_handler() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Resource management error
EUVDB-ID: #VU102494
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56785
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) NULL pointer dereference
EUVDB-ID: #VU102929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55916
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Improper locking
EUVDB-ID: #VU103036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21643
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netfs_unbuffered_write_iter_locked() function in fs/netfs/direct_write.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Improper error handling
EUVDB-ID: #VU102204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56586
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Use-after-free
EUVDB-ID: #VU102045
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56582
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Input validation error
EUVDB-ID: #VU102952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49571
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_listen_prfx_check() and smc_find_ism_v1_device_serv() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Improper locking
EUVDB-ID: #VU102946
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49569
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_stop_keep_alive() function in drivers/nvme/host/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Use-after-free
EUVDB-ID: #VU102915
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) Use-after-free
EUVDB-ID: #VU102025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Improper locking
EUVDB-ID: #VU102940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55641
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xfs_trans_cancel() function in fs/xfs/xfs_trans.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Out-of-bounds read
EUVDB-ID: #VU103014
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21647
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cake_ddst(), cake_enqueue() and cake_dequeue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Use-after-free
EUVDB-ID: #VU103013
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21652
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Input validation error
EUVDB-ID: #VU102406
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56757
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the btusb_mtk_claim_iso_intf(), btusb_mtk_release_iso_intf(), btusb_mtk_reset(), btusb_mtk_setup() and btusb_probe() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Out-of-bounds read
EUVDB-ID: #VU102086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Infinite loop
EUVDB-ID: #VU102971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47794
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the bpf_attach_type_to_tramp(), __bpf_trampoline_link_prog(), __bpf_trampoline_unlink_prog(), bpf_shim_tramp_link_release() and bpf_trampoline_link_cgroup_shim() functions in kernel/bpf/trampoline.c, within the bpf_tracing_link_release() and bpf_tracing_prog_attach() functions in kernel/bpf/syscall.c, within the bpf_prog_alloc_no_stats() function in kernel/bpf/core.c, within the prog_fd_array_get_ptr() function in kernel/bpf/arraymap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Improper error handling
EUVDB-ID: #VU102956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57902
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the packet_current_frame() and vlan_get_tci() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) NULL pointer dereference
EUVDB-ID: #VU103019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57925
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_send_interim_resp() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Improper locking
EUVDB-ID: #VU102937
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54683
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the idletimer_tg_destroy() and idletimer_tg_destroy_v1() functions in net/netfilter/xt_IDLETIMER.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Integer overflow
EUVDB-ID: #VU103133
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57938
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Out-of-bounds read
EUVDB-ID: #VU102083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56615
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Memory leak
EUVDB-ID: #VU103002
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ads8688_trigger_handler() function in drivers/iio/adc/ti-ads8688.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Resource management error
EUVDB-ID: #VU102975
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53687
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/riscv/include/asm/kfence.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Integer overflow
EUVDB-ID: #VU102964
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57899
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_mbss_info_change_notify() function in net/mac80211/mesh.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Input validation error
EUVDB-ID: #VU102496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56783
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_socket_cgroup_subtree_level() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Use-after-free
EUVDB-ID: #VU102480
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56786
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_link_inc() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Use-after-free
EUVDB-ID: #VU102026
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56635
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Use-after-free
EUVDB-ID: #VU102039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56551
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_vce_sw_fini() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c, within the amdgpu_device_fini_sw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Use-after-free
EUVDB-ID: #VU102054
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53179
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_get_sign_key(), smb2_find_smb_ses_unlocked(), smb2_calc_signature() and smb3_calc_signature() functions in fs/smb/client/smb2transport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) NULL pointer dereference
EUVDB-ID: #VU102106
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56588
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the debugfs_to_reg_name_v3_hw(), debugfs_global_v3_hw_show(), debugfs_axi_v3_hw_show(), debugfs_ras_v3_hw_show(), debugfs_port_v3_hw_show(), debugfs_cq_v3_hw_show(), debugfs_dq_show_slot_v3_hw(), debugfs_iost_v3_hw_show(), debugfs_iost_cache_v3_hw_show(), debugfs_itct_v3_hw_show(), debugfs_itct_cache_v3_hw_show(), debugfs_create_files_v3_hw(), debugfs_release_v3_hw(), debugfs_snapshot_regs_v3_hw(), debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Input validation error
EUVDB-ID: #VU102950
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47408
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_find_ism_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) Use-after-free
EUVDB-ID: #VU102912
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpumsf_pmu_stop() function in arch/s390/kernel/perf_cpum_sf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Buffer overflow
EUVDB-ID: #VU102969
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52319
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the process_huge_page() function in mm/memory.c, within the hugetlbfs_fallocate() function in fs/hugetlbfs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) Resource management error
EUVDB-ID: #VU102229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56576
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Memory leak
EUVDB-ID: #VU103001
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57905
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ads1119_trigger_handler() function in drivers/iio/adc/ti-ads1119.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) Improper locking
EUVDB-ID: #VU103127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtblk_remove() and virtblk_restore() functions in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Improper locking
EUVDB-ID: #VU102166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56607
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_mac_op_set_bitrate_mask() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Reachable assertion
EUVDB-ID: #VU102953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57806
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_quota_enable() and spin_lock() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) NULL pointer dereference
EUVDB-ID: #VU103124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57933
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_xsk_pool_enable(), gve_xsk_pool_disable() and gve_xsk_wakeup() functions in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Input validation error
EUVDB-ID: #VU102991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55639
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rswitch_device_alloc(), of_node_put() and rswitch_device_free() functions in drivers/net/ethernet/renesas/rswitch.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Use-after-free
EUVDB-ID: #VU102043
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56561
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/pci/endpoint/pci-epc-core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) NULL pointer dereference
EUVDB-ID: #VU102926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48873
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_update_6ghz_rnr_chan() function in drivers/net/wireless/realtek/rtw89/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Resource management error
EUVDB-ID: #VU102974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52332
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igb_init_module() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) Resource management error
EUVDB-ID: #VU103045
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21645
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amd_pmc_suspend_handler() function in drivers/platform/x86/amd/pmc/pmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Use-after-free
EUVDB-ID: #VU102017
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56602
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) Input validation error
EUVDB-ID: #VU102281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56590
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_tx_work() and hci_acldata_packet() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) NULL pointer dereference
EUVDB-ID: #VU102930
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57799
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rk_hdptx_phy_probe() function in drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) NULL pointer dereference
EUVDB-ID: #VU103021
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_ablock() function in drivers/md/persistent-data/dm-array.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Improper error handling
EUVDB-ID: #VU102199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56639
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the hsr_init_skb(), send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Memory leak
EUVDB-ID: #VU101995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56613
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Use-after-free
EUVDB-ID: #VU102036
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56675
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Memory leak
EUVDB-ID: #VU103008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57912
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zpa2326_fill_sample_buffer() function in drivers/iio/pressure/zpa2326.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) Memory leak
EUVDB-ID: #VU102893
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57883
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the huge_pmd_share() and huge_pmd_unshare() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Resource management error
EUVDB-ID: #VU102245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the geneve_xmit_skb() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Improper locking
EUVDB-ID: #VU102167
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56592
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the htab_elem_free(), free_htab_elem(), alloc_htab_elem(), htab_map_update_elem(), htab_map_delete_elem() and prealloc_lru_pop() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Use of uninitialized resource
EUVDB-ID: #VU102960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57802
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Input validation error
EUVDB-ID: #VU102992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54455
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ivpu_bo_print_info() function in drivers/accel/ivpu/ivpu_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Memory leak
EUVDB-ID: #VU103004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57908
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmx61_trigger_handler() function in drivers/iio/imu/kmx61.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Use-after-free
EUVDB-ID: #VU102018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56603
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Use-after-free
EUVDB-ID: #VU102913
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the disk_zone_is_conv(), disk_destroy_zone_wplugs_hash_table(), disk_free_zone_resources(), disk_update_zone_resources() and blk_revalidate_disk_zones() functions in block/blk-zoned.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) NULL pointer dereference
EUVDB-ID: #VU102482
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56773
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kunit_device_driver_test() function in lib/kunit/kunit-test.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) NULL pointer dereference
EUVDB-ID: #VU102925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the validate_lock_args() function in fs/dlm/lock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Improper error handling
EUVDB-ID: #VU102203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56630
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) NULL pointer dereference
EUVDB-ID: #VU102104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56587
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) Out-of-bounds read
EUVDB-ID: #VU102080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56627
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Improper locking
EUVDB-ID: #VU103033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57921
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_vram_mgr_new() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) NULL pointer dereference
EUVDB-ID: #VU102118
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56660
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dr_domain_add_vport_cap() function in drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_domain.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Resource management error
EUVDB-ID: #VU102491
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56771
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SPINAND_INFO() function in drivers/mtd/nand/spi/winbond.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) Memory leak
EUVDB-ID: #VU102895
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57886
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the damon_commit_targets() function in mm/damon/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) Use-after-free
EUVDB-ID: #VU102904
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57896
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) Improper locking
EUVDB-ID: #VU102938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57807
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) Memory leak
EUVDB-ID: #VU103003
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57907
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rockchip_saradc_trigger_handler() function in drivers/iio/adc/rockchip_saradc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) Input validation error
EUVDB-ID: #VU102951
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49568
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_find_rdma_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) Input validation error
EUVDB-ID: #VU102993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54193
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ivpu_pm_init() and ivpu_pm_enable() functions in drivers/accel/ivpu/ivpu_pm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
297) Use-after-free
EUVDB-ID: #VU102031
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56652
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reg_sr_fini() and xe_reg_sr_add() functions in drivers/gpu/drm/xe/xe_reg_sr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Infinite loop
EUVDB-ID: #VU103134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57940
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the exfat_readdir() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Input validation error
EUVDB-ID: #VU102988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57898
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_remove_link() function in net/wireless/util.c, within the ieee80211_del_intf_link() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) Improper error handling
EUVDB-ID: #VU102954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57901
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) Improper error handling
EUVDB-ID: #VU102197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ionic_dev_teardown() function in drivers/net/ethernet/pensando/ionic/ionic_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) Improper locking
EUVDB-ID: #VU102170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56566
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_slab(), slab_fix() and alloc_single_from_partial() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) Memory leak
EUVDB-ID: #VU101998
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56563
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ceph_mds_check_access() function in fs/ceph/mds_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) Out-of-bounds read
EUVDB-ID: #VU102919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __rb_map_vma() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) NULL pointer dereference
EUVDB-ID: #VU102109
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56611
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the migrate_to_node() function in mm/mempolicy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) NULL pointer dereference
EUVDB-ID: #VU102484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_cursor_atomic_check() function in drivers/gpu/drm/sti/sti_cursor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) Buffer overflow
EUVDB-ID: #VU102968
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57850
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the jffs2_rtime_decompress() function in fs/jffs2/compr_rtime.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) NULL pointer dereference
EUVDB-ID: #VU102114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56629
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Use-after-free
EUVDB-ID: #VU102911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57881
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the split_large_buddy() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) Use of uninitialized resource
EUVDB-ID: #VU102961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57880
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sof_card_dai_links_create() function in sound/soc/intel/boards/sof_sdw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) Use-after-free
EUVDB-ID: #VU102903
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency-hwe-6.11 to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-lowlatency-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-lowlatency-64k-hwe-24.04 (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency-64k (Ubuntu package): before 6.11.0-1011.12~24.04.1
linux-image-6.11.0-1011-lowlatency (Ubuntu package): before 6.11.0-1011.12~24.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_11_0-1011-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7381-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
