Ubuntu update for linux-oem-6.8

1) Improper access control

EUVDB-ID: #VU97651

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8805

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU104094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0927

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU98875

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98946

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49987

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the show_link_netfilter() function in tools/bpf/bpftool/net.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU98851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU98926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU98883

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49992

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c, within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU98900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU99015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU102084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56614

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Incorrect calculation

EUVDB-ID: #VU99189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47703

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU100127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50191

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU99455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50087

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the replay_one_name() and check_item_in_log() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Memory leak

EUVDB-ID: #VU98862

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47677

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_create_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU98993

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50065

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_d_hash() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU99027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47744

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU99226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU99045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47752

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU99219

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU100126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50183

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU98865

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49876

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_submit_wq(), xe_guc_submit_init(), __release_guc_id() and __guc_exec_queue_fini_async() functions in drivers/gpu/drm/xe/xe_guc_submit.c, within the xe_device_destroy() and xe_device_create() functions in drivers/gpu/drm/xe/xe_device.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper error handling

EUVDB-ID: #VU99073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49893

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the commit_planes_for_stream_fast() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use of uninitialized resource

EUVDB-ID: #VU99085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49972

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Double free

EUVDB-ID: #VU99059

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49853

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the scmi_optee_chan_free() function in drivers/firmware/arm_scmi/optee.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU98896

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47711

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the TEST_F() function in tools/testing/selftests/net/af_unix/msg_oob.c, within the manage_oob() and unix_ioctl() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper Initialization

EUVDB-ID: #VU99129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50026

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU98978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47681

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU99079

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47716

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm/vfp/vfpinstr.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU98868

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU99010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer overflow

EUVDB-ID: #VU99130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47731

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ali_drw_pmu_isr() function in drivers/perf/alibaba_uncore_drw_pmu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Double free

EUVDB-ID: #VU99057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50055

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper locking

EUVDB-ID: #VU99823

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Double free

EUVDB-ID: #VU99056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50029

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU99034

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47689

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Buffer overflow

EUVDB-ID: #VU99154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU98923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper error handling

EUVDB-ID: #VU99071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49937

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Memory leak

EUVDB-ID: #VU100119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50197

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_platform_pinctrl_prepare_community() function in drivers/pinctrl/intel/pinctrl-intel-platform.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU99460

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50076

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper error handling

EUVDB-ID: #VU99453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50077

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU99001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50025

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU99446

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50069

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU99847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU98954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49942

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xe_bo_move() function in drivers/gpu/drm/xe/xe_bo.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU98881

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Integer overflow

EUVDB-ID: #VU99092

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49994

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU98981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47687

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_vdpa_show_mr_leaks() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Out-of-bounds read

EUVDB-ID: #VU98914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47751

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU99444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50086

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Information disclosure

EUVDB-ID: #VU99117

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50064

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU99448

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50088

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU98864

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50005

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_scan_worker() function in net/mac802154/scan.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU98986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47704

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU99290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50066

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the move_normal_pmd() function in mm/mremap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) NULL pointer dereference

EUVDB-ID: #VU98961

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU99438

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50068

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mm/damon/sysfs-test.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

124) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Memory leak

EUVDB-ID: #VU98858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47741

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the find_desired_extent_in_hole() and find_desired_extent() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50039

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7386-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Update the affected package linux-oem-6.8 to the latest version.

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

• cpe:2.3:o:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6_8_0-1024-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*