Ubuntu update for linux-realtime
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 108 |
| CVE-ID | CVE-2024-50182 CVE-2024-50020 CVE-2024-50060 CVE-2024-50074 CVE-2024-50193 CVE-2024-50117 CVE-2024-50201 CVE-2024-50033 CVE-2024-50056 CVE-2024-50026 CVE-2024-50059 CVE-2024-50041 CVE-2024-50083 CVE-2024-50038 CVE-2024-50229 CVE-2024-50028 CVE-2024-50183 CVE-2024-50196 CVE-2024-50029 CVE-2024-50093 CVE-2024-50188 CVE-2024-50025 CVE-2024-50200 CVE-2024-50068 CVE-2024-49920 CVE-2024-50198 CVE-2024-50035 CVE-2024-50042 CVE-2024-50023 CVE-2024-50047 CVE-2024-56582 CVE-2024-50090 CVE-2024-50062 CVE-2024-50073 CVE-2024-50063 CVE-2024-50098 CVE-2024-50197 CVE-2024-50040 CVE-2024-50180 CVE-2024-53170 CVE-2024-50087 CVE-2024-50031 CVE-2024-50202 CVE-2024-50058 CVE-2024-50186 CVE-2024-50134 CVE-2024-50194 CVE-2024-50075 CVE-2024-50046 CVE-2024-50078 CVE-2024-50066 CVE-2024-53156 CVE-2024-49893 CVE-2024-50021 CVE-2024-47711 CVE-2024-47726 CVE-2024-50024 CVE-2024-49865 CVE-2024-50064 CVE-2024-50049 CVE-2024-50171 CVE-2024-50019 CVE-2024-50077 CVE-2024-50199 CVE-2024-50072 CVE-2024-50069 CVE-2024-50048 CVE-2024-49972 CVE-2024-53165 CVE-2024-50022 CVE-2024-50084 CVE-2024-50185 CVE-2024-50055 CVE-2024-50187 CVE-2024-50009 CVE-2024-50082 CVE-2024-50085 CVE-2024-50095 CVE-2024-50195 CVE-2024-50080 CVE-2024-50076 CVE-2024-50088 CVE-2024-50039 CVE-2024-50044 CVE-2024-50030 CVE-2024-49968 CVE-2024-50148 CVE-2024-50192 CVE-2024-50032 CVE-2024-50061 CVE-2024-50233 CVE-2024-50099 CVE-2024-49921 CVE-2024-50184 CVE-2024-50065 CVE-2024-49914 CVE-2024-50027 CVE-2024-50070 CVE-2024-50086 CVE-2024-50189 CVE-2024-56614 CVE-2024-50057 CVE-2024-50096 CVE-2024-50045 CVE-2024-50036 CVE-2024-56663 CVE-2024-50191 CVE-2024-50101 |
| CWE-ID | CWE-119 CWE-388 CWE-667 CWE-125 CWE-399 CWE-476 CWE-908 CWE-20 CWE-665 CWE-362 CWE-682 CWE-835 CWE-415 CWE-617 CWE-401 CWE-416 CWE-200 CWE-369 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-6.8.1-1018-realtime (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 108 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU100147
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-6_8_1-1018-realtime_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper error handling
EUVDB-ID: #VU99064
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50020
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU98994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50060
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU99445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50074
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU100149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50193
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU100151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU99082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50033
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU99204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Initialization
EUVDB-ID: #VU99129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50026
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Race condition
EUVDB-ID: #VU99125
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50059
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU98999
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU99458
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50083
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU99159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50038
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU100183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Incorrect calculation
EUVDB-ID: #VU99184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50028
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU100126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50183
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Infinite loop
EUVDB-ID: #VU100142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50196
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Double free
EUVDB-ID: #VU99056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50029
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU99842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50093
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU100138
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50188
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU99001
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50025
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Reachable assertion
EUVDB-ID: #VU100132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50200
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU99438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50068
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mm/damon/sysfs-test.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU98927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU100123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50198
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use of uninitialized resource
EUVDB-ID: #VU99083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50035
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU99155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50042
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ice_vf_pre_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_sriov_set_msix_vec_count() function in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU99196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50023
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU98995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU102045
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56582
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Reachable assertion
EUVDB-ID: #VU99830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50090
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __xe_bb_create_job() function in drivers/gpu/drm/xe/xe_bb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU99039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU99442
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Buffer overflow
EUVDB-ID: #VU99190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50063
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU99823
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Memory leak
EUVDB-ID: #VU100119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50197
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_platform_pinctrl_prepare_community() function in drivers/pinctrl/intel/pinctrl-intel-platform.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper error handling
EUVDB-ID: #VU99062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50040
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU100137
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50180
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU102060
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53170
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the del_gendisk() function in block/genhd.c, within the blk_register_queue() function in block/blk-sysfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use of uninitialized resource
EUVDB-ID: #VU99455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50087
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the replay_one_name() and check_item_in_log() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource management error
EUVDB-ID: #VU99135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU100130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50202
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU99205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50058
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU100122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50186
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU99837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU100146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50194
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU99462
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU98996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50046
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper error handling
EUVDB-ID: #VU99454
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50078
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper locking
EUVDB-ID: #VU99290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50066
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the move_normal_pmd() function in mm/mremap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds read
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper error handling
EUVDB-ID: #VU99073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49893
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the commit_planes_for_stream_fast() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Incorrect calculation
EUVDB-ID: #VU99183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50021
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ice_dpll_init_rclk_pins() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Use-after-free
EUVDB-ID: #VU98896
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47711
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the TEST_F() function in tools/testing/selftests/net/af_unix/msg_oob.c, within the manage_oob() and unix_ioctl() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper locking
EUVDB-ID: #VU99198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47726
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Infinite loop
EUVDB-ID: #VU99121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU98886
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xe_vm_create_ioctl() function in drivers/gpu/drm/xe/xe_vm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Information disclosure
EUVDB-ID: #VU99117
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50064
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Input validation error
EUVDB-ID: #VU99203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU100056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Resource management error
EUVDB-ID: #VU99160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50019
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper error handling
EUVDB-ID: #VU99453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50077
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU100120
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50199
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Resource management error
EUVDB-ID: #VU99457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50072
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) NULL pointer dereference
EUVDB-ID: #VU99446
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50069
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper error handling
EUVDB-ID: #VU99061
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50048
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use of uninitialized resource
EUVDB-ID: #VU99085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49972
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Use-after-free
EUVDB-ID: #VU102062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53165
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Buffer overflow
EUVDB-ID: #VU99154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50022
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Memory leak
EUVDB-ID: #VU99441
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50084
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Reachable assertion
EUVDB-ID: #VU100131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50185
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Double free
EUVDB-ID: #VU99057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50055
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU100156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50187
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) NULL pointer dereference
EUVDB-ID: #VU98923
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50009
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Improper locking
EUVDB-ID: #VU99451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50082
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Use-after-free
EUVDB-ID: #VU99443
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improper locking
EUVDB-ID: #VU99828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50095
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Resource management error
EUVDB-ID: #VU100150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Memory leak
EUVDB-ID: #VU99439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50080
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Buffer overflow
EUVDB-ID: #VU99460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50076
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU99448
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50088
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Resource management error
EUVDB-ID: #VU99133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50039
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU98997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU99000
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50030
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_event_timeout() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Input validation error
EUVDB-ID: #VU99226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Resource management error
EUVDB-ID: #VU100087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Resource management error
EUVDB-ID: #VU100144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Resource management error
EUVDB-ID: #VU99134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50032
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kernel/rcu/tree_nocb.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Race condition
EUVDB-ID: #VU99126
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50061
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Division by zero
EUVDB-ID: #VU100200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50233
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Improper locking
EUVDB-ID: #VU99824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50099
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) NULL pointer dereference
EUVDB-ID: #VU98926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Resource management error
EUVDB-ID: #VU100143
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU98993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50065
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_d_hash() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) NULL pointer dereference
EUVDB-ID: #VU98933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49914
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Double free
EUVDB-ID: #VU99055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50027
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the thermal_zone_device_unregister() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) NULL pointer dereference
EUVDB-ID: #VU99447
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50070
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_gpiolib_register_bank() function in drivers/pinctrl/stm32/pinctrl-stm32.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Use-after-free
EUVDB-ID: #VU99444
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU100145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50189
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Resource management error
EUVDB-ID: #VU99132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50057
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tps6598x_remove() function in drivers/usb/typec/tipd/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Buffer overflow
EUVDB-ID: #VU99843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50096
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Input validation error
EUVDB-ID: #VU99038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Input validation error
EUVDB-ID: #VU102187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_NESTED_ARRAY() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Improper locking
EUVDB-ID: #VU100127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50191
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU99847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50101
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-realtime to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-6.8.1-1018-realtime (Ubuntu package): before linux-image-realtime
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7383-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
