Ubuntu update for linux-azure
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 154 |
| CVE-ID | CVE-2024-23848 CVE-2025-0927 CVE-2024-56532 CVE-2024-53127 CVE-2024-56574 CVE-2024-56576 CVE-2024-57922 CVE-2024-53135 CVE-2024-56606 CVE-2024-53155 CVE-2024-53136 CVE-2024-56769 CVE-2024-56690 CVE-2024-53150 CVE-2024-38588 CVE-2024-53171 CVE-2024-56748 CVE-2024-56558 CVE-2024-56595 CVE-2024-56670 CVE-2024-56637 CVE-2024-56739 CVE-2024-56681 CVE-2024-53158 CVE-2024-53172 CVE-2024-56700 CVE-2024-56645 CVE-2024-56723 CVE-2024-56572 CVE-2024-57889 CVE-2024-43098 CVE-2024-56614 CVE-2024-53197 CVE-2025-21640 CVE-2024-57938 CVE-2024-53140 CVE-2024-57929 CVE-2024-56593 CVE-2024-56691 CVE-2025-21687 CVE-2024-56770 CVE-2024-53131 CVE-2024-56531 CVE-2024-56603 CVE-2025-21653 CVE-2024-53239 CVE-2024-57946 CVE-2024-56581 CVE-2024-56694 CVE-2024-56597 CVE-2024-57849 CVE-2024-56601 CVE-2024-53156 CVE-2024-56747 CVE-2024-53146 CVE-2025-21664 CVE-2024-53217 CVE-2025-21638 CVE-2024-53157 CVE-2024-56688 CVE-2024-47707 CVE-2024-53173 CVE-2024-56605 CVE-2024-56619 CVE-2024-49925 CVE-2024-49936 CVE-2024-56586 CVE-2024-57892 CVE-2024-56562 CVE-2024-57902 CVE-2024-53148 CVE-2024-53194 CVE-2024-56720 CVE-2024-53121 CVE-2024-48881 CVE-2024-56767 CVE-2024-56780 CVE-2024-56548 CVE-2024-57931 CVE-2024-56724 CVE-2024-53142 CVE-2024-53214 CVE-2025-21639 CVE-2024-43900 CVE-2024-56659 CVE-2024-57908 CVE-2024-57913 CVE-2024-53181 CVE-2024-56630 CVE-2024-56598 CVE-2024-56539 CVE-2024-57951 CVE-2024-56600 CVE-2024-52332 CVE-2024-55916 CVE-2024-53130 CVE-2024-56587 CVE-2024-57911 CVE-2024-57901 CVE-2024-57807 CVE-2024-49996 CVE-2025-21697 CVE-2024-53198 CVE-2024-53145 CVE-2024-57910 CVE-2022-49034 CVE-2024-56629 CVE-2024-56570 CVE-2024-57948 CVE-2024-53227 CVE-2024-56643 CVE-2024-56602 CVE-2024-57904 CVE-2024-56594 CVE-2024-56615 CVE-2024-53690 CVE-2024-56650 CVE-2025-21699 CVE-2024-56644 CVE-2024-56631 CVE-2024-53183 CVE-2024-50051 CVE-2024-49884 CVE-2024-56569 CVE-2024-56596 CVE-2024-57912 CVE-2024-56781 CVE-2024-57802 CVE-2024-56704 CVE-2024-57850 CVE-2024-57906 CVE-2025-21678 CVE-2024-56634 CVE-2024-53138 CVE-2021-47219 CVE-2024-57890 CVE-2024-53112 CVE-2024-53174 CVE-2024-56756 CVE-2024-56779 CVE-2024-57884 CVE-2024-56746 CVE-2024-53161 CVE-2024-57900 CVE-2024-56567 CVE-2024-56633 CVE-2025-21694 CVE-2024-53165 CVE-2024-56642 CVE-2024-53184 CVE-2024-44938 CVE-2024-53124 CVE-2025-21689 CVE-2024-53680 |
| CWE-ID | CWE-416 CWE-122 CWE-667 CWE-119 CWE-476 CWE-399 CWE-617 CWE-908 CWE-388 CWE-20 CWE-125 CWE-401 CWE-362 CWE-191 CWE-787 CWE-190 CWE-415 CWE-682 CWE-269 CWE-369 CWE-366 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #33 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-xilinx-zynqmp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1147-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1145-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1140-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1129-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1101-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1088-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 154 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU104094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-0927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU102181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56532
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_us122l_disconnect() function in sound/usb/usx2y/us122l.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU101231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53127
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dw_mci_init_slot() function in drivers/mmc/host/dw_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU102125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU102229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56576
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable assertion
EUVDB-ID: #VU103037
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57922
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU101228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53135
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU102021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU101917
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53155
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU101229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53136
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU102401
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56769
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MODULE_PARM_DESC() function in drivers/media/dvb-frontends/dib3000mb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU102261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU101910
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53150
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU92312
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38588
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU102059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53171
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU101979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU102042
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56558
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU102088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU102122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56670
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_start_io() function in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Race condition
EUVDB-ID: #VU102219
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56637
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU102154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper error handling
EUVDB-ID: #VU102198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56681
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Integer underflow
EUVDB-ID: #VU101924
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53158
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Resource management error
EUVDB-ID: #VU102249
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53172
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_ai(), scan_fast() and ubi_attach() functions in drivers/mtd/ubi/attach.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU102102
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56700
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Integer underflow
EUVDB-ID: #VU102210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56645
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource management error
EUVDB-ID: #VU102225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56723
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory leak
EUVDB-ID: #VU101996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56572
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the allocate_buffers_internal() function in drivers/media/platform/allegro-dvt/allegro-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU102935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57889
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU102941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i3c_device_uevent() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds write
EUVDB-ID: #VU102090
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53197
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
34) NULL pointer dereference
EUVDB-ID: #VU103027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21640
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Integer overflow
EUVDB-ID: #VU103133
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57938
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Double free
EUVDB-ID: #VU101230
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53140
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU103021
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_ablock() function in drivers/md/persistent-data/dm-array.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU102107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU102226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56691
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the wcove_typec_probe() function in drivers/usb/typec/tcpm/wcove.c, within the ARRAY_SIZE(), bxtwc_add_chained_irq_chip() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Incorrect calculation
EUVDB-ID: #VU103753
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21687
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Resource management error
EUVDB-ID: #VU102490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56770
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU101226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53131
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_get_page_block() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU102180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56531
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU102018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56603
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU103016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21653
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/cls_flow.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU102070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53239
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper locking
EUVDB-ID: #VU103127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtblk_remove() and virtblk_restore() functions in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU102044
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56581
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU102157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56694
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_strp_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU102086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU102912
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpumsf_pmu_stop() function in arch/s390/kernel/perf_cpum_sf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU102015
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56601
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Memory leak
EUVDB-ID: #VU101980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56747
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Integer overflow
EUVDB-ID: #VU101921
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53146
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU103120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_first_thin() function in drivers/md/dm-thin.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) NULL pointer dereference
EUVDB-ID: #VU102133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU103025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21638
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU101914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53157
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU102096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xs_sock_reset_state_flags() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU98988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU102058
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53173
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU102020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56605
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU102022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU98873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper error handling
EUVDB-ID: #VU102204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56586
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU102905
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brelse() function in fs/ocfs2/quota_local.c, within the ocfs2_get_next_id() function in fs/ocfs2/quota_global.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Input validation error
EUVDB-ID: #VU102279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper error handling
EUVDB-ID: #VU102956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57902
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the packet_current_frame() and vlan_get_tci() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU101927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53148
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU102049
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53194
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU102266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56720
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory leak
EUVDB-ID: #VU101099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53121
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lookup_fte_locked() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) NULL pointer dereference
EUVDB-ID: #VU102927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Use-after-free
EUVDB-ID: #VU102397
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56767
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at_xdmac_prep_dma_memset() function in drivers/dma/at_xdmac.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper locking
EUVDB-ID: #VU102489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dquot_writeback_dquots() function in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Use-after-free
EUVDB-ID: #VU102075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56548
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper privilege management
EUVDB-ID: #VU103139
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57931
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Resource management error
EUVDB-ID: #VU102224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56724
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use of uninitialized resource
EUVDB-ID: #VU101347
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53142
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Out-of-bounds read
EUVDB-ID: #VU102092
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53214
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU103026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21639
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper error handling
EUVDB-ID: #VU102201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56659
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/lapb.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Memory leak
EUVDB-ID: #VU103004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57908
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmx61_trigger_handler() function in drivers/iio/imu/kmx61.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Resource management error
EUVDB-ID: #VU103049
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57913
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the functionfs_bind() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Resource management error
EUVDB-ID: #VU102231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53181
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vector_device_release() function in arch/um/drivers/vector_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper error handling
EUVDB-ID: #VU102203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56630
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Out-of-bounds read
EUVDB-ID: #VU102085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Buffer overflow
EUVDB-ID: #VU102236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56539
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Resource management error
EUVDB-ID: #VU103921
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57951
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU102016
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Resource management error
EUVDB-ID: #VU102974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52332
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igb_init_module() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU102929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55916
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) NULL pointer dereference
EUVDB-ID: #VU101225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU102104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56587
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Memory leak
EUVDB-ID: #VU103007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57911
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_simple_dummy_trigger_h() function in drivers/iio/dummy/iio_simple_dummy_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper error handling
EUVDB-ID: #VU102954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57901
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Improper locking
EUVDB-ID: #VU102938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57807
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Buffer overflow
EUVDB-ID: #VU99101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU103920
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21697
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Memory leak
EUVDB-ID: #VU102006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53198
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Integer overflow
EUVDB-ID: #VU101920
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53145
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the setup_physmem() function in arch/um/kernel/physmem.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Memory leak
EUVDB-ID: #VU103006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vcnl4035_trigger_consumer_handler() function in drivers/iio/light/vcnl4035.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Resource management error
EUVDB-ID: #VU102247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) NULL pointer dereference
EUVDB-ID: #VU102114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56629
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU102280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56570
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Improper error handling
EUVDB-ID: #VU103592
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57948
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use-after-free
EUVDB-ID: #VU102067
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Memory leak
EUVDB-ID: #VU101989
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Use-after-free
EUVDB-ID: #VU102017
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56602
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Resource management error
EUVDB-ID: #VU103048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57904
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the at91_ts_register() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper locking
EUVDB-ID: #VU102160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Out-of-bounds read
EUVDB-ID: #VU102083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56615
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Integer underflow
EUVDB-ID: #VU102965
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53690
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nilfs_lookup() function in fs/nilfs2/namei.c, within the nilfs_iget() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Out-of-bounds read
EUVDB-ID: #VU102078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Resource management error
EUVDB-ID: #VU103923
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21699
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Memory leak
EUVDB-ID: #VU101992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56644
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Use-after-free
EUVDB-ID: #VU102024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Resource management error
EUVDB-ID: #VU102235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53183
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the net_device_release() function in arch/um/drivers/net_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Use-after-free
EUVDB-ID: #VU102917
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Use-after-free
EUVDB-ID: #VU98867
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) NULL pointer dereference
EUVDB-ID: #VU102126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56569
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Out-of-bounds read
EUVDB-ID: #VU102087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56596
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Memory leak
EUVDB-ID: #VU103008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57912
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zpa2326_fill_sample_buffer() function in drivers/iio/pressure/zpa2326.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Resource management error
EUVDB-ID: #VU102492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56781
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fixup_device_tree_chrp(), fixup_device_tree_pmac() and fixup_device_tree() functions in arch/powerpc/kernel/prom_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Use of uninitialized resource
EUVDB-ID: #VU102960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57802
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Double free
EUVDB-ID: #VU102192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Buffer overflow
EUVDB-ID: #VU102968
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57850
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the jffs2_rtime_decompress() function in fs/jffs2/compr_rtime.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU103002
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ads8688_trigger_handler() function in drivers/iio/adc/ti-ads8688.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Improper locking
EUVDB-ID: #VU103590
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21678
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gtp_newlink() and gtp_net_exit_batch_rtnl() functions in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) NULL pointer dereference
EUVDB-ID: #VU102115
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56634
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the grgpio_probe() function in drivers/gpio/gpio-grgpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Incorrect calculation
EUVDB-ID: #VU101234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53138
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tx_sync_info_get(), mlx5e_ktls_tx_handle_resync_dump_comp() and mlx5e_ktls_tx_handle_ooo() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Out-of-bounds read
EUVDB-ID: #VU90324
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47219
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Integer overflow
EUVDB-ID: #VU102963
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57890
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the uverbs_request_next_ptr(), ib_uverbs_post_send() and ib_uverbs_unmarshall_recv() functions in drivers/infiniband/core/uverbs_cmd.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Improper locking
EUVDB-ID: #VU101107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53112
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU102057
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53174
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the c_show() function in net/sunrpc/cache.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use-after-free
EUVDB-ID: #VU102008
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Memory leak
EUVDB-ID: #VU102477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56779
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU102909
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Memory leak
EUVDB-ID: #VU101981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56746
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Integer overflow
EUVDB-ID: #VU101923
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53161
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Use-after-free
EUVDB-ID: #VU102903
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Division by zero
EUVDB-ID: #VU102216
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56567
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU102025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU103918
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21694
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __read_vmcore() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use-after-free
EUVDB-ID: #VU102062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53165
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Use-after-free
EUVDB-ID: #VU102029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56642
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Resource management error
EUVDB-ID: #VU102234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ubd_open_dev() function in arch/um/drivers/ubd_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Out-of-bounds read
EUVDB-ID: #VU96550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44938
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Race condition within a thread
EUVDB-ID: #VU101113
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53124
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Out-of-bounds read
EUVDB-ID: #VU103742
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21689
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) NULL pointer dereference
EUVDB-ID: #VU102928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53680
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1060.60
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1140.134
linux-image-kvm (Ubuntu package): before 5.4.0.1129.125
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1088.117
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1145.147
linux-image-bluefield (Ubuntu package): before 5.4.0.1101.97
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1147.141
linux-image-5.4.0-1147-azure (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1145-gcp (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1140-oracle (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1129-kvm (Ubuntu package): before 5.4.0-1129.138
linux-image-5.4.0-1101-bluefield (Ubuntu package): before 5.4.0-1101.108
linux-image-5.4.0-1088-ibm (Ubuntu package): before 5.4.0-1088.93
linux-image-5.4.0-1060-xilinx-zynqmp (Ubuntu package): before 5.4.0-1060.64
linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1147-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1145-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1140-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1129-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1101-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1088-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_4_0-1060-xilinx-zynqmp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7392-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
