Ubuntu update for linux-hwe-6.8
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 325 |
| CVE-ID | CVE-2024-8805 CVE-2025-0927 CVE-2024-49950 CVE-2024-49955 CVE-2024-50077 CVE-2024-57798 CVE-2024-47671 CVE-2024-49987 CVE-2024-50078 CVE-2024-49985 CVE-2024-49981 CVE-2024-49852 CVE-2024-49882 CVE-2024-49925 CVE-2024-50047 CVE-2024-47752 CVE-2024-49851 CVE-2024-50229 CVE-2024-47675 CVE-2024-50017 CVE-2024-47726 CVE-2024-50008 CVE-2024-49889 CVE-2024-50059 CVE-2024-53144 CVE-2024-49959 CVE-2024-49886 CVE-2024-50035 CVE-2024-50036 CVE-2024-47713 CVE-2024-47720 CVE-2024-47756 CVE-2024-49974 CVE-2024-49864 CVE-2024-47688 CVE-2024-47735 CVE-2024-50060 CVE-2024-50182 CVE-2024-49894 CVE-2024-50002 CVE-2024-47748 CVE-2024-49949 CVE-2024-47757 CVE-2024-47678 CVE-2024-47737 CVE-2024-49880 CVE-2024-50093 CVE-2024-49914 CVE-2024-50048 CVE-2024-56658 CVE-2024-50058 CVE-2024-49995 CVE-2024-50096 CVE-2024-49877 CVE-2024-47715 CVE-2024-50007 CVE-2024-56614 CVE-2024-49948 CVE-2024-49935 CVE-2024-50009 CVE-2024-50200 CVE-2024-50070 CVE-2024-49856 CVE-2024-50005 CVE-2024-49865 CVE-2024-50085 CVE-2024-49892 CVE-2024-53063 CVE-2024-47695 CVE-2024-49991 CVE-2024-47687 CVE-2024-53140 CVE-2024-50179 CVE-2024-47682 CVE-2024-50080 CVE-2024-50056 CVE-2024-47690 CVE-2024-49939 CVE-2024-56663 CVE-2024-49913 CVE-2024-47745 CVE-2024-47739 CVE-2024-49920 CVE-2024-47704 CVE-2024-50068 CVE-2024-49876 CVE-2024-49992 CVE-2024-49980 CVE-2024-49907 CVE-2024-50019 CVE-2024-47747 CVE-2024-50022 CVE-2024-49946 CVE-2024-56595 CVE-2024-49875 CVE-2024-49968 CVE-2024-47706 CVE-2024-56672 CVE-2024-47744 CVE-2024-49866 CVE-2024-47677 CVE-2024-49999 CVE-2024-47684 CVE-2024-49952 CVE-2024-47702 CVE-2024-50084 CVE-2024-49884 CVE-2024-53165 CVE-2024-49997 CVE-2024-50082 CVE-2024-47705 CVE-2024-49958 CVE-2024-50031 CVE-2024-49927 CVE-2024-50171 CVE-2024-50193 CVE-2024-49965 CVE-2024-49919 CVE-2024-49915 CVE-2024-47712 CVE-2024-47692 CVE-2024-47686 CVE-2024-47727 CVE-2024-50000 CVE-2024-50006 CVE-2024-47714 CVE-2024-49878 CVE-2024-49911 CVE-2024-49936 CVE-2024-50028 CVE-2024-50046 CVE-2024-49975 CVE-2024-47709 CVE-2024-47718 CVE-2024-50192 CVE-2024-49928 CVE-2024-50030 CVE-2024-49874 CVE-2024-49903 CVE-2024-47711 CVE-2024-50069 CVE-2024-49923 CVE-2024-47723 CVE-2024-50233 CVE-2024-50088 CVE-2024-49859 CVE-2024-49973 CVE-2024-47685 CVE-2024-47679 CVE-2024-49890 CVE-2024-53104 CVE-2024-47670 CVE-2024-47730 CVE-2024-49861 CVE-2024-50086 CVE-2024-49893 CVE-2024-56582 CVE-2024-47719 CVE-2024-49982 CVE-2024-47691 CVE-2024-50087 CVE-2024-50185 CVE-2024-50045 CVE-2024-50064 CVE-2024-47689 CVE-2024-50020 CVE-2024-47672 CVE-2024-49966 CVE-2024-50038 CVE-2024-49897 CVE-2024-49969 CVE-2024-50180 CVE-2024-49901 CVE-2024-47751 CVE-2024-49850 CVE-2024-49951 CVE-2024-49905 CVE-2024-49953 CVE-2024-50001 CVE-2024-50062 CVE-2024-49994 CVE-2024-47734 CVE-2024-50175 CVE-2024-50195 CVE-2024-50049 CVE-2024-47753 CVE-2024-50074 CVE-2024-50202 CVE-2024-47728 CVE-2024-49902 CVE-2024-50187 CVE-2024-49954 CVE-2024-50024 CVE-2024-49929 CVE-2024-53170 CVE-2024-49855 CVE-2024-50134 CVE-2024-50039 CVE-2024-47754 CVE-2024-47743 CVE-2024-50198 CVE-2024-47698 CVE-2024-49989 CVE-2024-50191 CVE-2024-50063 CVE-2024-49879 CVE-2024-49983 CVE-2024-50016 CVE-2024-47696 CVE-2024-50099 CVE-2024-50025 CVE-2024-47731 CVE-2024-49853 CVE-2024-47697 CVE-2024-56598 CVE-2024-50196 CVE-2024-49977 CVE-2024-49896 CVE-2024-50090 CVE-2024-49881 CVE-2024-50055 CVE-2024-50029 CVE-2024-49978 CVE-2024-49917 CVE-2024-49868 CVE-2024-50201 CVE-2024-47707 CVE-2024-50188 CVE-2024-49870 CVE-2024-49960 CVE-2024-50026 CVE-2024-50014 CVE-2024-50072 CVE-2024-49900 CVE-2024-49895 CVE-2024-47732 CVE-2024-50044 CVE-2024-47703 CVE-2024-47700 CVE-2024-49986 CVE-2024-49858 CVE-2024-49944 CVE-2024-49912 CVE-2024-50015 CVE-2024-50075 CVE-2024-47673 CVE-2024-49926 CVE-2024-49933 CVE-2024-50095 CVE-2024-50027 CVE-2024-49957 CVE-2024-49996 CVE-2024-49862 CVE-2024-49891 CVE-2024-49863 CVE-2024-49871 CVE-2024-50061 CVE-2024-53156 CVE-2024-47716 CVE-2024-50184 CVE-2024-49918 CVE-2024-50013 CVE-2024-50073 CVE-2024-50042 CVE-2024-50199 CVE-2024-49922 CVE-2024-50098 CVE-2024-50148 CVE-2024-49921 CVE-2024-50176 CVE-2024-50194 CVE-2024-49961 CVE-2024-49931 CVE-2024-50101 CVE-2024-50021 CVE-2024-47701 CVE-2024-50033 CVE-2024-47740 CVE-2024-50041 CVE-2024-49947 CVE-2024-49972 CVE-2024-47750 CVE-2024-49934 CVE-2024-49924 CVE-2024-49860 CVE-2024-50012 CVE-2024-47681 CVE-2024-49930 CVE-2024-49883 CVE-2024-47710 CVE-2024-50186 CVE-2024-49976 CVE-2024-47738 CVE-2024-47742 CVE-2024-50197 CVE-2024-50302 CVE-2024-49938 CVE-2024-49888 CVE-2024-47693 CVE-2024-49937 CVE-2024-41016 CVE-2024-49945 CVE-2024-50023 CVE-2024-47749 CVE-2024-50057 CVE-2024-49962 CVE-2024-49998 CVE-2024-50076 CVE-2024-50083 CVE-2024-49909 CVE-2024-47733 CVE-2024-50117 CVE-2024-47741 CVE-2024-50040 CVE-2024-50066 CVE-2024-49942 CVE-2024-50065 CVE-2024-49898 CVE-2024-49867 CVE-2024-49988 CVE-2024-50183 CVE-2024-47699 CVE-2024-49885 CVE-2024-50189 CVE-2024-49963 |
| CWE-ID | CWE-284 CWE-122 CWE-416 CWE-399 CWE-388 CWE-401 CWE-476 CWE-667 CWE-20 CWE-362 CWE-125 CWE-908 CWE-682 CWE-119 CWE-617 CWE-415 CWE-369 CWE-787 CWE-200 CWE-190 CWE-835 CWE-665 CWE-193 |
| Exploitation vector | Local network |
| Public exploit |
Vulnerability #151 is being exploited in the wild. Vulnerability #296 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04a (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-57-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-57-generic (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 325 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU97651
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-8805
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU104094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-0927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU98876
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU99172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49955
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper error handling
EUVDB-ID: #VU99453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50077
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU102915
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU98377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47671
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU98946
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49987
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the show_link_netfilter() function in tools/bpf/bpftool/net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper error handling
EUVDB-ID: #VU99454
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50078
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU99013
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49985
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU98878
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49981
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU98891
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU99076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49882
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU98995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU99045
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47752
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU98860
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49851
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU100183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU98861
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47675
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_uprobe_multi_link_attach() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU99219
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU99198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47726
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU99167
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50008
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU98868
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49889
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Race condition
EUVDB-ID: #VU99125
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50059
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU101815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_user_confirm_request_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU99017
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU98903
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use of uninitialized resource
EUVDB-ID: #VU99083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50035
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU99032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU98991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU98976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU99220
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Race condition
EUVDB-ID: #VU99127
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49864
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rxrpc_open_socket() function in net/rxrpc/local_object.c, within the rxrpc_encap_rcv() and rxrpc_io_thread() functions in net/rxrpc/io_thread.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU98982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_add_driver() function in drivers/base/module.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU99025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper locking
EUVDB-ID: #VU98994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50060
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU100147
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU98912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU98942
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU98889
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU98952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49949
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU98913
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU99030
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47678
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper error handling
EUVDB-ID: #VU99078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper error handling
EUVDB-ID: #VU99077
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49880
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the alloc_flex_gd() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU99842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50093
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU98933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49914
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper error handling
EUVDB-ID: #VU99061
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50048
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU102033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56658
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU99205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50058
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU99192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU99843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50096
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU98966
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Race condition
EUVDB-ID: #VU99128
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47715
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the EXPORT_SYMBOL_GPL() function in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU98902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Input validation error
EUVDB-ID: #VU99042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Race condition
EUVDB-ID: #VU99178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49935
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU98923
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50009
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Reachable assertion
EUVDB-ID: #VU100132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50200
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) NULL pointer dereference
EUVDB-ID: #VU99447
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50070
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_gpiolib_register_bank() function in drivers/pinctrl/stm32/pinctrl-stm32.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU99029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49856
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU98864
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50005
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_scan_worker() function in net/mac802154/scan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU98886
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xe_vm_create_ioctl() function in drivers/gpu/drm/xe/xe_vm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU99443
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Input validation error
EUVDB-ID: #VU99224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49892
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU100741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU98921
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU98882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU98981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47687
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_vdpa_show_mr_leaks() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Double free
EUVDB-ID: #VU101230
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53140
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU100154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Out-of-bounds read
EUVDB-ID: #VU98916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47682
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Memory leak
EUVDB-ID: #VU99439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50080
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Input validation error
EUVDB-ID: #VU99204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper error handling
EUVDB-ID: #VU99080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47690
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improper locking
EUVDB-ID: #VU99019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Input validation error
EUVDB-ID: #VU102187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_NESTED_ARRAY() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) NULL pointer dereference
EUVDB-ID: #VU98934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49913
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Input validation error
EUVDB-ID: #VU99229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper locking
EUVDB-ID: #VU99021
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU98927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) NULL pointer dereference
EUVDB-ID: #VU98986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47704
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Memory leak
EUVDB-ID: #VU99438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50068
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mm/damon/sysfs-test.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU98865
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49876
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the get_submit_wq(), xe_guc_submit_init(), __release_guc_id() and __guc_exec_queue_fini_async() functions in drivers/gpu/drm/xe/xe_guc_submit.c, within the xe_device_destroy() and xe_device_create() functions in drivers/gpu/drm/xe/xe_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU98883
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49992
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c, within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper locking
EUVDB-ID: #VU99014
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vrf_finish_direct() function in drivers/net/vrf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU98925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Resource management error
EUVDB-ID: #VU99160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50019
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU98888
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Buffer overflow
EUVDB-ID: #VU99154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50022
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Improper locking
EUVDB-ID: #VU99018
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Out-of-bounds read
EUVDB-ID: #VU102088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU99020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU99226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU98897
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Use-after-free
EUVDB-ID: #VU102035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56672
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the blkcg_unpin_online() function in block/blk-cgroup.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper locking
EUVDB-ID: #VU99027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47744
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Resource management error
EUVDB-ID: #VU99146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Memory leak
EUVDB-ID: #VU98862
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47677
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_create_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper error handling
EUVDB-ID: #VU99069
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49999
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the afs_wait_for_operation() function in fs/afs/fs_operation.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU98980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Buffer overflow
EUVDB-ID: #VU99151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Input validation error
EUVDB-ID: #VU99048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47702
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_is_valid_access(), xdp_is_valid_access() and flow_dissector_is_valid_access() functions in net/core/filter.c, within the check_packet_access() and check_mem_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Memory leak
EUVDB-ID: #VU99441
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50084
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Use-after-free
EUVDB-ID: #VU98867
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use-after-free
EUVDB-ID: #VU102062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53165
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Buffer overflow
EUVDB-ID: #VU99193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Improper locking
EUVDB-ID: #VU99451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50082
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU98987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47705
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Input validation error
EUVDB-ID: #VU99044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49958
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Resource management error
EUVDB-ID: #VU99135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Resource management error
EUVDB-ID: #VU99148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49927
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Memory leak
EUVDB-ID: #VU100056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Resource management error
EUVDB-ID: #VU100149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50193
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Improper locking
EUVDB-ID: #VU99016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) NULL pointer dereference
EUVDB-ID: #VU98928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) NULL pointer dereference
EUVDB-ID: #VU98932
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Use-after-free
EUVDB-ID: #VU98895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47712
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU98983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Out-of-bounds read
EUVDB-ID: #VU98922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47686
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ep93xx_div_recalc_rate() function in arch/arm/mach-ep93xx/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Input validation error
EUVDB-ID: #VU99231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47727
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) NULL pointer dereference
EUVDB-ID: #VU98943
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50000
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Improper locking
EUVDB-ID: #VU99011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50006
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Out-of-bounds read
EUVDB-ID: #VU98918
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47714
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt7996_mcu_sta_bfer_tlv() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Resource management error
EUVDB-ID: #VU99169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49878
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) NULL pointer dereference
EUVDB-ID: #VU98936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU98873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Incorrect calculation
EUVDB-ID: #VU99184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50028
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper locking
EUVDB-ID: #VU98996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50046
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Memory leak
EUVDB-ID: #VU98854
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49975
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Resource management error
EUVDB-ID: #VU99177
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Use-after-free
EUVDB-ID: #VU98894
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47718
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Resource management error
EUVDB-ID: #VU100144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Out-of-bounds read
EUVDB-ID: #VU98909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49928
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/realtek/rtw89/core.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Improper locking
EUVDB-ID: #VU99000
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50030
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_event_timeout() function in drivers/gpu/drm/xe/xe_guc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU98884
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49874
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_i3c_master_remove() function in drivers/i3c/master/svc-i3c-master.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use-after-free
EUVDB-ID: #VU98869
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Use-after-free
EUVDB-ID: #VU98896
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47711
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the TEST_F() function in tools/testing/selftests/net/af_unix/msg_oob.c, within the manage_oob() and unix_ioctl() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) NULL pointer dereference
EUVDB-ID: #VU99446
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50069
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU98950
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Out-of-bounds read
EUVDB-ID: #VU98915
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Division by zero
EUVDB-ID: #VU100200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50233
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) NULL pointer dereference
EUVDB-ID: #VU99448
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50088
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Input validation error
EUVDB-ID: #VU99230
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49859
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_defragment_range(), f2fs_move_file_range() and f2fs_ioc_set_pin_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Buffer overflow
EUVDB-ID: #VU99156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use of uninitialized resource
EUVDB-ID: #VU99087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Improper locking
EUVDB-ID: #VU99031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) NULL pointer dereference
EUVDB-ID: #VU98964
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49890
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Out-of-bounds write
EUVDB-ID: #VU101102
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53104
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
152) Out-of-bounds read
EUVDB-ID: #VU98365
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47670
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Input validation error
EUVDB-ID: #VU99227
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47730
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use of uninitialized resource
EUVDB-ID: #VU99086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49861
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Use-after-free
EUVDB-ID: #VU99444
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Improper error handling
EUVDB-ID: #VU99073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49893
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the commit_planes_for_stream_fast() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Use-after-free
EUVDB-ID: #VU102045
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56582
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Memory leak
EUVDB-ID: #VU98863
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47719
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iopt_alloc_iova() function in drivers/iommu/iommufd/io_pagetable.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU98879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Use-after-free
EUVDB-ID: #VU98900
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47691
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use of uninitialized resource
EUVDB-ID: #VU99455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50087
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the replay_one_name() and check_item_in_log() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Reachable assertion
EUVDB-ID: #VU100131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50185
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Input validation error
EUVDB-ID: #VU99038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Information disclosure
EUVDB-ID: #VU99117
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50064
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Improper locking
EUVDB-ID: #VU99034
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47689
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Improper error handling
EUVDB-ID: #VU99064
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50020
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Improper locking
EUVDB-ID: #VU98368
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Improper error handling
EUVDB-ID: #VU99070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Resource management error
EUVDB-ID: #VU99159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50038
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Improper error handling
EUVDB-ID: #VU99072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49897
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Out-of-bounds read
EUVDB-ID: #VU98905
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Buffer overflow
EUVDB-ID: #VU100137
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50180
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) NULL pointer dereference
EUVDB-ID: #VU98960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Out-of-bounds read
EUVDB-ID: #VU98914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47751
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) NULL pointer dereference
EUVDB-ID: #VU98974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Resource management error
EUVDB-ID: #VU99171
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49951
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cmd_status_rsp(), mgmt_index_added(), mgmt_power_on() and __mgmt_power_off() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) NULL pointer dereference
EUVDB-ID: #VU98958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Input validation error
EUVDB-ID: #VU99043
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49953
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_ipsec_handle_tx_limit() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Buffer overflow
EUVDB-ID: #VU99157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50001
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Input validation error
EUVDB-ID: #VU99039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Integer overflow
EUVDB-ID: #VU99092
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blk_ioctl_discard() and blk_ioctl_secure_erase() functions in block/ioctl.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Resource management error
EUVDB-ID: #VU99174
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47734
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_xdp_get_xmit_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Improper locking
EUVDB-ID: #VU100125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50175
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the video_stop_streaming() function in drivers/media/platform/qcom/camss/camss-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Resource management error
EUVDB-ID: #VU100150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Input validation error
EUVDB-ID: #VU99203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Input validation error
EUVDB-ID: #VU99046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47753
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_vp8_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Out-of-bounds read
EUVDB-ID: #VU99445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50074
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Input validation error
EUVDB-ID: #VU100130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50202
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Memory leak
EUVDB-ID: #VU98856
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47728
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Out-of-bounds read
EUVDB-ID: #VU98910
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Input validation error
EUVDB-ID: #VU100156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50187
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Resource management error
EUVDB-ID: #VU99149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49954
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Infinite loop
EUVDB-ID: #VU99121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) NULL pointer dereference
EUVDB-ID: #VU98957
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Use-after-free
EUVDB-ID: #VU102060
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53170
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the del_gendisk() function in block/genhd.c, within the blk_register_queue() function in block/blk-sysfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Use-after-free
EUVDB-ID: #VU98893
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Buffer overflow
EUVDB-ID: #VU99837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Resource management error
EUVDB-ID: #VU99133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50039
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Input validation error
EUVDB-ID: #VU99047
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) NULL pointer dereference
EUVDB-ID: #VU98972
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47743
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) NULL pointer dereference
EUVDB-ID: #VU100123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50198
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Out-of-bounds read
EUVDB-ID: #VU98919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Double free
EUVDB-ID: #VU99058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49989
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Improper locking
EUVDB-ID: #VU100127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50191
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Buffer overflow
EUVDB-ID: #VU99190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50063
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) NULL pointer dereference
EUVDB-ID: #VU98965
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Use-after-free
EUVDB-ID: #VU98880
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49983
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Integer overflow
EUVDB-ID: #VU99090
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50016
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Use-after-free
EUVDB-ID: #VU98899
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47696
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Improper locking
EUVDB-ID: #VU99824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50099
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Improper locking
EUVDB-ID: #VU99001
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50025
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Buffer overflow
EUVDB-ID: #VU99130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47731
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ali_drw_pmu_isr() function in drivers/perf/alibaba_uncore_drw_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Double free
EUVDB-ID: #VU99059
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49853
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the scmi_optee_chan_free() function in drivers/firmware/arm_scmi/optee.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Out-of-bounds read
EUVDB-ID: #VU98920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47697
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Out-of-bounds read
EUVDB-ID: #VU102085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Infinite loop
EUVDB-ID: #VU100142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50196
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Input validation error
EUVDB-ID: #VU99221
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) NULL pointer dereference
EUVDB-ID: #VU98962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Reachable assertion
EUVDB-ID: #VU99830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50090
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __xe_bb_create_job() function in drivers/gpu/drm/xe/xe_bb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Memory leak
EUVDB-ID: #VU98852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49881
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Double free
EUVDB-ID: #VU99057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50055
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Double free
EUVDB-ID: #VU99056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50029
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) NULL pointer dereference
EUVDB-ID: #VU98948
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49978
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) NULL pointer dereference
EUVDB-ID: #VU98930
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) NULL pointer dereference
EUVDB-ID: #VU98969
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Resource management error
EUVDB-ID: #VU100151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) NULL pointer dereference
EUVDB-ID: #VU98988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Buffer overflow
EUVDB-ID: #VU100138
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50188
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Memory leak
EUVDB-ID: #VU98851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49870
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Use-after-free
EUVDB-ID: #VU98877
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49960
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Improper Initialization
EUVDB-ID: #VU99129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50026
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) Improper locking
EUVDB-ID: #VU99010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Resource management error
EUVDB-ID: #VU99457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50072
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Use of uninitialized resource
EUVDB-ID: #VU99084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Out-of-bounds read
EUVDB-ID: #VU98911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Use-after-free
EUVDB-ID: #VU98887
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47732
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Improper locking
EUVDB-ID: #VU98997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Incorrect calculation
EUVDB-ID: #VU99189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47703
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Division by zero
EUVDB-ID: #VU99118
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47700
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ext4_block_group_meta_init(), __ext4_fill_super() and __ext4_remount() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Use-after-free
EUVDB-ID: #VU98881
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49986
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Buffer overflow
EUVDB-ID: #VU99152
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49858
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) NULL pointer dereference
EUVDB-ID: #VU98953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49944
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) NULL pointer dereference
EUVDB-ID: #VU98935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49912
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Buffer overflow
EUVDB-ID: #VU99099
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50015
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Input validation error
EUVDB-ID: #VU99462
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Resource management error
EUVDB-ID: #VU98375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47673
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Resource management error
EUVDB-ID: #VU99147
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49926
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kernel/rcu/tasks.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Out-of-bounds read
EUVDB-ID: #VU98906
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49933
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Improper locking
EUVDB-ID: #VU99828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50095
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Double free
EUVDB-ID: #VU99055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50027
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the thermal_zone_device_unregister() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) NULL pointer dereference
EUVDB-ID: #VU98941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Buffer overflow
EUVDB-ID: #VU99101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Off-by-one
EUVDB-ID: #VU99088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49862
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) NULL pointer dereference
EUVDB-ID: #VU98963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49891
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) NULL pointer dereference
EUVDB-ID: #VU98970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49863
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) NULL pointer dereference
EUVDB-ID: #VU98968
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49871
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Race condition
EUVDB-ID: #VU99126
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50061
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) Out-of-bounds read
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Improper error handling
EUVDB-ID: #VU99079
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47716
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm/vfp/vfpinstr.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Resource management error
EUVDB-ID: #VU100143
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) NULL pointer dereference
EUVDB-ID: #VU98929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Memory leak
EUVDB-ID: #VU98850
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50013
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Use-after-free
EUVDB-ID: #VU99442
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Buffer overflow
EUVDB-ID: #VU99155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50042
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ice_vf_pre_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_sriov_set_msix_vec_count() function in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Use-after-free
EUVDB-ID: #VU100120
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50199
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) NULL pointer dereference
EUVDB-ID: #VU98924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49922
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Improper locking
EUVDB-ID: #VU99823
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) Resource management error
EUVDB-ID: #VU100087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) NULL pointer dereference
EUVDB-ID: #VU98926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) Improper error handling
EUVDB-ID: #VU100133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50176
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dev_err() and rproc_del() functions in drivers/remoteproc/ti_k3_r5_remoteproc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Buffer overflow
EUVDB-ID: #VU100146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50194
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Resource management error
EUVDB-ID: #VU99173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49961
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar0521_power_off() and ar0521_power_on() functions in drivers/media/i2c/ar0521.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Out-of-bounds read
EUVDB-ID: #VU98907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Input validation error
EUVDB-ID: #VU99847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50101
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) Incorrect calculation
EUVDB-ID: #VU99183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50021
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ice_dpll_init_rclk_pins() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Use-after-free
EUVDB-ID: #VU98898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47701
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Use of uninitialized resource
EUVDB-ID: #VU99082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50033
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Input validation error
EUVDB-ID: #VU99228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47740
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Improper locking
EUVDB-ID: #VU98999
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Resource management error
EUVDB-ID: #VU99170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49947
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Use of uninitialized resource
EUVDB-ID: #VU99085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49972
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Use-after-free
EUVDB-ID: #VU98890
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47750
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hns_roce_v2_exit() and __hns_roce_hw_v2_uninit_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) Use-after-free
EUVDB-ID: #VU98872
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49934
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) Use-after-free
EUVDB-ID: #VU98870
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49924
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Buffer overflow
EUVDB-ID: #VU99194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) Incorrect calculation
EUVDB-ID: #VU99186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50012
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) NULL pointer dereference
EUVDB-ID: #VU98978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47681
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Out-of-bounds read
EUVDB-ID: #VU98908
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49930
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Use-after-free
EUVDB-ID: #VU98866
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Improper locking
EUVDB-ID: #VU99033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47710
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) NULL pointer dereference
EUVDB-ID: #VU100122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50186
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) Improper locking
EUVDB-ID: #VU99015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) Resource management error
EUVDB-ID: #VU99175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47738
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) Incorrect calculation
EUVDB-ID: #VU99188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47742
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) Memory leak
EUVDB-ID: #VU100119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50197
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_platform_pinctrl_prepare_community() function in drivers/pinctrl/intel/pinctrl-intel-platform.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) Memory leak
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
297) Input validation error
EUVDB-ID: #VU99041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Improper error handling
EUVDB-ID: #VU99074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49888
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the do_misc_fixups() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Resource management error
EUVDB-ID: #VU99176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47693
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) Improper error handling
EUVDB-ID: #VU99071
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49937
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) Use-after-free
EUVDB-ID: #VU98875
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49945
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) Input validation error
EUVDB-ID: #VU99196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50023
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) NULL pointer dereference
EUVDB-ID: #VU98971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) Resource management error
EUVDB-ID: #VU99132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50057
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tps6598x_remove() function in drivers/usb/typec/tipd/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) NULL pointer dereference
EUVDB-ID: #VU98949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) NULL pointer dereference
EUVDB-ID: #VU98944
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49998
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) Buffer overflow
EUVDB-ID: #VU99460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50076
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Resource management error
EUVDB-ID: #VU99458
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50083
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) NULL pointer dereference
EUVDB-ID: #VU98938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49909
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) Memory leak
EUVDB-ID: #VU98857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47733
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netfs_init() and fs_initcall() functions in fs/netfs/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
312) NULL pointer dereference
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
313) Memory leak
EUVDB-ID: #VU98858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47741
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_desired_extent_in_hole() and find_desired_extent() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
314) Improper error handling
EUVDB-ID: #VU99062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50040
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
315) Improper locking
EUVDB-ID: #VU99290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50066
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the move_normal_pmd() function in mm/mremap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
316) NULL pointer dereference
EUVDB-ID: #VU98954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49942
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xe_bo_move() function in drivers/gpu/drm/xe/xe_bo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
317) Improper locking
EUVDB-ID: #VU98993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50065
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_d_hash() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
318) NULL pointer dereference
EUVDB-ID: #VU98961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
319) Use-after-free
EUVDB-ID: #VU98885
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
320) Incorrect calculation
EUVDB-ID: #VU99187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49988
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the session_fd_check() and ksmbd_reopen_durable_fd() functions in fs/smb/server/vfs_cache.c, within the alloc_opinfo(), free_opinfo(), opinfo_get_list(), smb_send_parent_lease_break_noti(), smb_lazy_parent_lease_break_close(), smb_grant_oplock(), smb_break_all_write_oplock() and smb_break_all_levII_oplock() functions in fs/smb/server/oplock.c, within the ksmbd_conn_free() and ksmbd_conn_alloc() functions in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
321) Improper locking
EUVDB-ID: #VU100126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50183
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
322) NULL pointer dereference
EUVDB-ID: #VU98985
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47699
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
323) Buffer overflow
EUVDB-ID: #VU99191
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the slab_update_freelist(), print_slab_info(), inc_slabs_node() and slab_free_hook() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
324) Buffer overflow
EUVDB-ID: #VU100145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50189
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
325) Resource management error
EUVDB-ID: #VU99150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49963
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04d (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04c (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04b (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04a (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-oem-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic-64k (Ubuntu package): before 6.8.0-57.59~22.04.1
linux-image-6.8.0-57-generic (Ubuntu package): before 6.8.0-57.59~22.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6_8_0-57-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7403-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
