Ubuntu update for linux-oem-6.8



Risk High
Patch available YES
Number of vulnerabilities 317
CVE-ID CVE-2024-8805
CVE-2025-0927
CVE-2024-49952
CVE-2024-49920
CVE-2024-49945
CVE-2024-50180
CVE-2024-49944
CVE-2024-49987
CVE-2024-50148
CVE-2024-49959
CVE-2024-50063
CVE-2024-50083
CVE-2024-49878
CVE-2024-49870
CVE-2024-49863
CVE-2024-49921
CVE-2024-49992
CVE-2024-47691
CVE-2024-49913
CVE-2024-47712
CVE-2024-49948
CVE-2024-49976
CVE-2024-50085
CVE-2024-49891
CVE-2024-56614
CVE-2024-47713
CVE-2024-47703
CVE-2024-50191
CVE-2024-50087
CVE-2024-49958
CVE-2024-49868
CVE-2024-49922
CVE-2024-49960
CVE-2024-50019
CVE-2024-47749
CVE-2024-49996
CVE-2024-47677
CVE-2024-50065
CVE-2024-47744
CVE-2024-49968
CVE-2024-49985
CVE-2024-47752
CVE-2024-50017
CVE-2024-50183
CVE-2024-47709
CVE-2024-49938
CVE-2024-49876
CVE-2024-49893
CVE-2024-50134
CVE-2024-49972
CVE-2024-49934
CVE-2024-50015
CVE-2024-49856
CVE-2024-49853
CVE-2024-47711
CVE-2024-49949
CVE-2024-50026
CVE-2024-47681
CVE-2024-50000
CVE-2024-50189
CVE-2024-47716
CVE-2024-47723
CVE-2024-50044
CVE-2024-50179
CVE-2024-49871
CVE-2024-50008
CVE-2024-49955
CVE-2024-50007
CVE-2024-47695
CVE-2024-49889
CVE-2024-49954
CVE-2024-49894
CVE-2024-50014
CVE-2024-47731
CVE-2024-50055
CVE-2024-50098
CVE-2024-49930
CVE-2024-47684
CVE-2024-47705
CVE-2024-50029
CVE-2024-49901
CVE-2024-47689
CVE-2024-50022
CVE-2024-50009
CVE-2024-49937
CVE-2024-50197
CVE-2024-49911
CVE-2024-50076
CVE-2024-50002
CVE-2024-50077
CVE-2024-47679
CVE-2024-50025
CVE-2024-50069
CVE-2024-50101
CVE-2024-49942
CVE-2024-49986
CVE-2024-50012
CVE-2024-49858
CVE-2024-49884
CVE-2024-50201
CVE-2024-47701
CVE-2024-49994
CVE-2024-49897
CVE-2024-47687
CVE-2024-47751
CVE-2024-50001
CVE-2024-50117
CVE-2024-49909
CVE-2024-50086
CVE-2024-50064
CVE-2024-50088
CVE-2024-50005
CVE-2024-50184
CVE-2024-49882
CVE-2024-49936
CVE-2024-49933
CVE-2024-49995
CVE-2024-47704
CVE-2024-50066
CVE-2024-49898
CVE-2024-50068
CVE-2024-50192
CVE-2024-53104
CVE-2024-49860
CVE-2024-47741
CVE-2024-50039
CVE-2024-47699
CVE-2024-49861
CVE-2024-49969
CVE-2024-49950
CVE-2024-50194
CVE-2024-49929
CVE-2024-50006
CVE-2024-49997
CVE-2024-49983
CVE-2024-47710
CVE-2024-50200
CVE-2024-47692
CVE-2024-47748
CVE-2024-49855
CVE-2024-50182
CVE-2024-47706
CVE-2024-50188
CVE-2024-47732
CVE-2024-47707
CVE-2024-50048
CVE-2024-50058
CVE-2024-49912
CVE-2024-49966
CVE-2024-49852
CVE-2024-47753
CVE-2024-50202
CVE-2024-50062
CVE-2024-50056
CVE-2024-49946
CVE-2024-49902
CVE-2024-50033
CVE-2024-47750
CVE-2024-50021
CVE-2024-49939
CVE-2024-50072
CVE-2024-49851
CVE-2024-49928
CVE-2024-50061
CVE-2024-49885
CVE-2024-50047
CVE-2024-47672
CVE-2024-47734
CVE-2024-47714
CVE-2024-49886
CVE-2024-47730
CVE-2024-47697
CVE-2024-49973
CVE-2024-47718
CVE-2024-49862
CVE-2024-49963
CVE-2024-49881
CVE-2024-53165
CVE-2024-49998
CVE-2024-47757
CVE-2024-49982
CVE-2024-50186
CVE-2024-50016
CVE-2024-47675
CVE-2024-50090
CVE-2024-49917
CVE-2024-50031
CVE-2024-50093
CVE-2024-49859
CVE-2024-49890
CVE-2024-47670
CVE-2024-49919
CVE-2024-53156
CVE-2024-49924
CVE-2024-50078
CVE-2024-49864
CVE-2024-49962
CVE-2024-47720
CVE-2024-49874
CVE-2024-41016
CVE-2024-49991
CVE-2024-47726
CVE-2024-50171
CVE-2024-47682
CVE-2024-49865
CVE-2024-49988
CVE-2024-49903
CVE-2024-50035
CVE-2024-50229
CVE-2024-50075
CVE-2024-50195
CVE-2024-49947
CVE-2024-49900
CVE-2024-50040
CVE-2024-50176
CVE-2024-47686
CVE-2024-49978
CVE-2024-49923
CVE-2024-50199
CVE-2024-49999
CVE-2024-50070
CVE-2024-49953
CVE-2024-47733
CVE-2024-49888
CVE-2024-49977
CVE-2024-50080
CVE-2024-49905
CVE-2024-47737
CVE-2024-49961
CVE-2024-50030
CVE-2024-49951
CVE-2024-49892
CVE-2024-50096
CVE-2024-47735
CVE-2024-47673
CVE-2024-56663
CVE-2024-49981
CVE-2024-50049
CVE-2024-50193
CVE-2024-49957
CVE-2024-47742
CVE-2024-49880
CVE-2024-49965
CVE-2024-49927
CVE-2024-47690
CVE-2024-50057
CVE-2024-50073
CVE-2024-49931
CVE-2024-49875
CVE-2024-50041
CVE-2024-47700
CVE-2024-47719
CVE-2024-56582
CVE-2024-47738
CVE-2024-47754
CVE-2024-49850
CVE-2024-47678
CVE-2024-49935
CVE-2024-47739
CVE-2024-50028
CVE-2024-47727
CVE-2024-47728
CVE-2024-50084
CVE-2024-50095
CVE-2024-50175
CVE-2024-50198
CVE-2024-47702
CVE-2024-50187
CVE-2024-50032
CVE-2024-50074
CVE-2024-50020
CVE-2024-53144
CVE-2024-50233
CVE-2024-47698
CVE-2024-49879
CVE-2024-49896
CVE-2024-47747
CVE-2024-49877
CVE-2024-50046
CVE-2024-49866
CVE-2024-47740
CVE-2024-50042
CVE-2024-50060
CVE-2024-49925
CVE-2024-50013
CVE-2024-49867
CVE-2024-47685
CVE-2024-47743
CVE-2024-49883
CVE-2024-53170
CVE-2024-50038
CVE-2024-47756
CVE-2024-47696
CVE-2024-49980
CVE-2024-50185
CVE-2024-47693
CVE-2024-49915
CVE-2024-49914
CVE-2024-49907
CVE-2024-49989
CVE-2024-50196
CVE-2024-50027
CVE-2024-47745
CVE-2024-50045
CVE-2024-50024
CVE-2024-49918
CVE-2024-49975
CVE-2024-49974
CVE-2024-50082
CVE-2024-49895
CVE-2024-47671
CVE-2024-50059
CVE-2024-50099
CVE-2024-50023
CVE-2024-47688
CVE-2024-49926
CVE-2024-50036
CWE-ID CWE-284
CWE-122
CWE-119
CWE-476
CWE-416
CWE-399
CWE-667
CWE-401
CWE-20
CWE-125
CWE-682
CWE-908
CWE-388
CWE-415
CWE-665
CWE-190
CWE-200
CWE-787
CWE-617
CWE-362
CWE-193
CWE-369
CWE-835
Exploitation vector Local network
Public exploit Vulnerability #123 is being exploited in the wild.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-24.04a (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-24.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1024-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 317 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU97651

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8805

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU104094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0927

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU98875

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98946

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49987

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the show_link_netfilter() function in tools/bpf/bpftool/net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU98851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU98926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU98883

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49992

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c, within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU98900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU99015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU102084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56614

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Incorrect calculation

EUVDB-ID: #VU99189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47703

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU100127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50191

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU99455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50087

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the replay_one_name() and check_item_in_log() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Memory leak

EUVDB-ID: #VU98862

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47677

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_create_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU98993

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50065

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_d_hash() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU99027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47744

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU99226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU99045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47752

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU99219

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU100126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50183

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU98865

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49876

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_submit_wq(), xe_guc_submit_init(), __release_guc_id() and __guc_exec_queue_fini_async() functions in drivers/gpu/drm/xe/xe_guc_submit.c, within the xe_device_destroy() and xe_device_create() functions in drivers/gpu/drm/xe/xe_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper error handling

EUVDB-ID: #VU99073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49893

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the commit_planes_for_stream_fast() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use of uninitialized resource

EUVDB-ID: #VU99085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49972

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Double free

EUVDB-ID: #VU99059

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49853

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the scmi_optee_chan_free() function in drivers/firmware/arm_scmi/optee.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU98896

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47711

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the TEST_F() function in tools/testing/selftests/net/af_unix/msg_oob.c, within the manage_oob() and unix_ioctl() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper Initialization

EUVDB-ID: #VU99129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50026

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU98978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47681

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU99079

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47716

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm/vfp/vfpinstr.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU98868

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU99010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer overflow

EUVDB-ID: #VU99130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47731

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ali_drw_pmu_isr() function in drivers/perf/alibaba_uncore_drw_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Double free

EUVDB-ID: #VU99057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50055

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper locking

EUVDB-ID: #VU99823

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Double free

EUVDB-ID: #VU99056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50029

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU99034

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47689

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Buffer overflow

EUVDB-ID: #VU99154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU98923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper error handling

EUVDB-ID: #VU99071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49937

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Memory leak

EUVDB-ID: #VU100119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50197

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_platform_pinctrl_prepare_community() function in drivers/pinctrl/intel/pinctrl-intel-platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU99460

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50076

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper error handling

EUVDB-ID: #VU99453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50077

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU99001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50025

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU99446

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50069

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU99847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU98954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49942

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xe_bo_move() function in drivers/gpu/drm/xe/xe_bo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU98881

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Integer overflow

EUVDB-ID: #VU99092

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49994

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU98981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47687

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_vdpa_show_mr_leaks() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Out-of-bounds read

EUVDB-ID: #VU98914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47751

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU99444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50086

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Information disclosure

EUVDB-ID: #VU99117

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50064

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU99448

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50088

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU98864

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50005

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_scan_worker() function in net/mac802154/scan.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU98986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47704

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU99290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50066

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the move_normal_pmd() function in mm/mremap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) NULL pointer dereference

EUVDB-ID: #VU98961

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU99438

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50068

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mm/damon/sysfs-test.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

124) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Memory leak

EUVDB-ID: #VU98858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47741

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the find_desired_extent_in_hole() and find_desired_extent() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50039

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Reachable assertion

EUVDB-ID: #VU100132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50200

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Buffer overflow

EUVDB-ID: #VU100147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Use-after-free

EUVDB-ID: #VU98887

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47732

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Improper error handling

EUVDB-ID: #VU99061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50048

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) NULL pointer dereference

EUVDB-ID: #VU98935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Input validation error

EUVDB-ID: #VU99046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47753

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_vp8_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Input validation error

EUVDB-ID: #VU100130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Input validation error

EUVDB-ID: #VU99204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Improper locking

EUVDB-ID: #VU99018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use-after-free

EUVDB-ID: #VU98890

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47750

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hns_roce_v2_exit() and __hns_roce_hw_v2_uninit_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Incorrect calculation

EUVDB-ID: #VU99183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50021

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the ice_dpll_init_rclk_pins() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Improper locking

EUVDB-ID: #VU99019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Resource management error

EUVDB-ID: #VU99457

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Out-of-bounds read

EUVDB-ID: #VU98909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49928

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/realtek/rtw89/core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Race condition

EUVDB-ID: #VU99126

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50061

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Buffer overflow

EUVDB-ID: #VU99191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the slab_update_freelist(), print_slab_info(), inc_slabs_node() and slab_free_hook() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Resource management error

EUVDB-ID: #VU99174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47734

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bond_xdp_get_xmit_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Out-of-bounds read

EUVDB-ID: #VU98918

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47714

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mt7996_mcu_sta_bfer_tlv() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Input validation error

EUVDB-ID: #VU99227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Off-by-one

EUVDB-ID: #VU99088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49862

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Use-after-free

EUVDB-ID: #VU102062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53165

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) NULL pointer dereference

EUVDB-ID: #VU98944

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49998

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) NULL pointer dereference

EUVDB-ID: #VU100122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50186

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Integer overflow

EUVDB-ID: #VU99090

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50016

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Memory leak

EUVDB-ID: #VU98861

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47675

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bpf_uprobe_multi_link_attach() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Reachable assertion

EUVDB-ID: #VU99830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50090

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __xe_bb_create_job() function in drivers/gpu/drm/xe/xe_bb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Resource management error

EUVDB-ID: #VU99842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50093

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Input validation error

EUVDB-ID: #VU99230

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49859

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_defragment_range(), f2fs_move_file_range() and f2fs_ioc_set_pin_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) NULL pointer dereference

EUVDB-ID: #VU98928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Out-of-bounds read

EUVDB-ID: #VU101911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53156

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Improper error handling

EUVDB-ID: #VU99454

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50078

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Race condition

EUVDB-ID: #VU99127

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49864

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rxrpc_open_socket() function in net/rxrpc/local_object.c, within the rxrpc_encap_rcv() and rxrpc_io_thread() functions in net/rxrpc/io_thread.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Use-after-free

EUVDB-ID: #VU98884

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49874

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svc_i3c_master_remove() function in drivers/i3c/master/svc-i3c-master.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Improper locking

EUVDB-ID: #VU99198

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47726

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Out-of-bounds read

EUVDB-ID: #VU98916

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Use-after-free

EUVDB-ID: #VU98886

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49865

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_vm_create_ioctl() function in drivers/gpu/drm/xe/xe_vm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Incorrect calculation

EUVDB-ID: #VU99187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49988

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the session_fd_check() and ksmbd_reopen_durable_fd() functions in fs/smb/server/vfs_cache.c, within the alloc_opinfo(), free_opinfo(), opinfo_get_list(), smb_send_parent_lease_break_noti(), smb_lazy_parent_lease_break_close(), smb_grant_oplock(), smb_break_all_write_oplock() and smb_break_all_levII_oplock() functions in fs/smb/server/oplock.c, within the ksmbd_conn_free() and ksmbd_conn_alloc() functions in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Input validation error

EUVDB-ID: #VU99462

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Resource management error

EUVDB-ID: #VU99170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49947

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Improper error handling

EUVDB-ID: #VU99062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Improper error handling

EUVDB-ID: #VU100133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50176

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dev_err() and rproc_del() functions in drivers/remoteproc/ti_k3_r5_remoteproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Out-of-bounds read

EUVDB-ID: #VU98922

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47686

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ep93xx_div_recalc_rate() function in arch/arm/mach-ep93xx/clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) NULL pointer dereference

EUVDB-ID: #VU98948

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49978

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) NULL pointer dereference

EUVDB-ID: #VU98950

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49923

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Use-after-free

EUVDB-ID: #VU100120

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50199

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Improper error handling

EUVDB-ID: #VU99069

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49999

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the afs_wait_for_operation() function in fs/afs/fs_operation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) NULL pointer dereference

EUVDB-ID: #VU99447

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50070

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stm32_gpiolib_register_bank() function in drivers/pinctrl/stm32/pinctrl-stm32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Input validation error

EUVDB-ID: #VU99043

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49953

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_ipsec_handle_tx_limit() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Memory leak

EUVDB-ID: #VU98857

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netfs_init() and fs_initcall() functions in fs/netfs/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Improper error handling

EUVDB-ID: #VU99074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49888

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the do_misc_fixups() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Input validation error

EUVDB-ID: #VU99221

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Memory leak

EUVDB-ID: #VU99439

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50080

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) NULL pointer dereference

EUVDB-ID: #VU98958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Resource management error

EUVDB-ID: #VU99173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ar0521_power_off() and ar0521_power_on() functions in drivers/media/i2c/ar0521.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Improper locking

EUVDB-ID: #VU99000

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50030

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_event_timeout() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Resource management error

EUVDB-ID: #VU99171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49951

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmd_status_rsp(), mgmt_index_added(), mgmt_power_on() and __mgmt_power_off() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Input validation error

EUVDB-ID: #VU99224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Input validation error

EUVDB-ID: #VU102187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56663

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the NLA_POLICY_NESTED_ARRAY() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Resource management error

EUVDB-ID: #VU100149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50193

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Improper error handling

EUVDB-ID: #VU99077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49880

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the alloc_flex_gd() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Resource management error

EUVDB-ID: #VU99148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49927

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Improper error handling

EUVDB-ID: #VU99080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47690

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Resource management error

EUVDB-ID: #VU99132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50057

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tps6598x_remove() function in drivers/usb/typec/tipd/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Out-of-bounds read

EUVDB-ID: #VU98907

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49931

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Improper locking

EUVDB-ID: #VU98999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50041

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) Division by zero

EUVDB-ID: #VU99118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47700

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ext4_block_group_meta_init(), __ext4_fill_super() and __ext4_remount() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) Memory leak

EUVDB-ID: #VU98863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47719

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the iopt_alloc_iova() function in drivers/iommu/iommufd/io_pagetable.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) Use-after-free

EUVDB-ID: #VU102045

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56582

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Resource management error

EUVDB-ID: #VU99175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47738

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) Input validation error

EUVDB-ID: #VU99047

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) NULL pointer dereference

EUVDB-ID: #VU98974

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) Improper locking

EUVDB-ID: #VU99030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Race condition

EUVDB-ID: #VU99178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49935

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) Incorrect calculation

EUVDB-ID: #VU99184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Input validation error

EUVDB-ID: #VU99231

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47727

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) Memory leak

EUVDB-ID: #VU98856

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47728

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) Memory leak

EUVDB-ID: #VU99441

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50084

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) Improper locking

EUVDB-ID: #VU100125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50175

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the video_stop_streaming() function in drivers/media/platform/qcom/camss/camss-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) NULL pointer dereference

EUVDB-ID: #VU100123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Input validation error

EUVDB-ID: #VU99048

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47702

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_is_valid_access(), xdp_is_valid_access() and flow_dissector_is_valid_access() functions in net/core/filter.c, within the check_packet_access() and check_mem_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) Resource management error

EUVDB-ID: #VU99134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50032

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kernel/rcu/tree_nocb.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Improper error handling

EUVDB-ID: #VU99064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50020

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Input validation error

EUVDB-ID: #VU101815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53144

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_user_confirm_request_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Input validation error

EUVDB-ID: #VU99228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Buffer overflow

EUVDB-ID: #VU99155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50042

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ice_vf_pre_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_sriov_set_msix_vec_count() function in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) Improper locking

EUVDB-ID: #VU98994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50060

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) Use-after-free

EUVDB-ID: #VU98871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49925

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Memory leak

EUVDB-ID: #VU98850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50013

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) NULL pointer dereference

EUVDB-ID: #VU98972

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47743

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) Use-after-free

EUVDB-ID: #VU102060

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53170

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the del_gendisk() function in block/genhd.c, within the blk_register_queue() function in block/blk-sysfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) Resource management error

EUVDB-ID: #VU99159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50038

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Improper locking

EUVDB-ID: #VU99014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vrf_finish_direct() function in drivers/net/vrf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) Reachable assertion

EUVDB-ID: #VU100131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50185

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) NULL pointer dereference

EUVDB-ID: #VU98932

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) Double free

EUVDB-ID: #VU99058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49989

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Double free

EUVDB-ID: #VU99055

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50027

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the thermal_zone_device_unregister() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) NULL pointer dereference

EUVDB-ID: #VU98929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Improper locking

EUVDB-ID: #VU99824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) Input validation error

EUVDB-ID: #VU99196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50023

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) NULL pointer dereference

EUVDB-ID: #VU98982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the module_add_driver() function in drivers/base/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) Resource management error

EUVDB-ID: #VU99147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49926

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kernel/rcu/tasks.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1024.24

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1024.24

linux-image-6.8.0-1024-oem (Ubuntu package): before 6.8.0-1024.24

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7386-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###