Ubuntu update for linux-hwe-5.15
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 255 |
| CVE-ID | CVE-2024-50242 CVE-2024-53165 CVE-2024-56569 CVE-2024-57938 CVE-2024-57889 CVE-2024-53226 CVE-2024-57882 CVE-2024-57913 CVE-2024-53096 CVE-2024-56575 CVE-2024-56630 CVE-2024-50055 CVE-2024-53129 CVE-2025-21646 CVE-2024-50121 CVE-2024-56594 CVE-2024-57802 CVE-2024-53183 CVE-2024-57904 CVE-2025-21653 CVE-2024-56633 CVE-2024-56595 CVE-2024-56659 CVE-2024-47730 CVE-2024-57948 CVE-2024-56614 CVE-2024-56601 CVE-2024-36476 CVE-2024-49998 CVE-2024-53122 CVE-2024-56701 CVE-2024-56781 CVE-2024-56785 CVE-2024-47707 CVE-2025-21694 CVE-2024-56715 CVE-2024-56693 CVE-2024-56587 CVE-2024-56726 CVE-2024-56688 CVE-2024-53124 CVE-2024-46871 CVE-2025-21648 CVE-2024-56603 CVE-2024-56779 CVE-2025-21637 CVE-2025-21664 CVE-2024-57951 CVE-2024-53136 CVE-2025-21687 CVE-2024-57798 CVE-2024-53680 CVE-2024-56606 CVE-2024-56643 CVE-2024-56634 CVE-2024-56716 CVE-2024-57908 CVE-2024-56774 CVE-2024-56562 CVE-2025-21669 CVE-2024-57849 CVE-2024-56623 CVE-2024-56691 CVE-2024-53155 CVE-2024-49996 CVE-2024-56615 CVE-2024-47143 CVE-2024-56616 CVE-2024-56589 CVE-2024-56532 CVE-2024-53181 CVE-2024-53112 CVE-2024-53130 CVE-2024-56640 CVE-2024-57791 CVE-2024-56574 CVE-2024-57792 CVE-2024-56690 CVE-2024-57940 CVE-2024-53157 CVE-2024-48881 CVE-2024-57925 CVE-2025-21638 CVE-2024-57897 CVE-2024-56586 CVE-2024-56570 CVE-2024-56694 CVE-2024-56637 CVE-2024-53142 CVE-2024-57906 CVE-2024-49925 CVE-2024-56787 CVE-2024-56605 CVE-2024-57841 CVE-2024-53215 CVE-2024-57917 CVE-2024-43900 CVE-2024-50304 CVE-2024-56780 CVE-2024-56644 CVE-2024-56597 CVE-2025-21640 CVE-2024-56756 CVE-2024-53239 CVE-2024-57912 CVE-2024-56567 CVE-2024-55881 CVE-2024-53237 CVE-2024-56593 CVE-2024-53184 CVE-2024-56708 CVE-2024-57911 CVE-2024-56746 CVE-2024-53197 CVE-2024-57807 CVE-2024-57903 CVE-2024-56369 CVE-2024-56739 CVE-2024-56600 CVE-2024-57838 CVE-2024-53120 CVE-2024-57929 CVE-2024-56754 CVE-2024-56679 CVE-2024-56745 CVE-2024-57890 CVE-2025-21697 CVE-2024-57931 CVE-2024-53172 CVE-2024-53227 CVE-2024-56548 CVE-2024-53206 CVE-2024-56650 CVE-2024-56769 CVE-2024-57902 CVE-2025-21666 CVE-2024-56705 CVE-2025-21680 CVE-2025-21689 CVE-2024-57907 CVE-2024-56670 CVE-2024-56728 CVE-2024-53146 CVE-2024-55916 CVE-2024-53685 CVE-2024-56578 CVE-2024-57896 CVE-2024-49950 CVE-2024-56763 CVE-2024-44938 CVE-2025-21678 CVE-2024-57874 CVE-2024-47408 CVE-2024-56636 CVE-2024-56723 CVE-2024-56776 CVE-2024-56681 CVE-2024-56610 CVE-2024-56581 CVE-2024-56539 CVE-2024-56720 CVE-2024-53135 CVE-2025-21639 CVE-2024-53158 CVE-2024-53214 CVE-2024-46784 CVE-2024-53194 CVE-2024-57939 CVE-2024-56747 CVE-2024-53161 CVE-2024-57850 CVE-2024-56602 CVE-2025-21692 CVE-2024-56626 CVE-2024-53113 CVE-2024-56770 CVE-2024-53121 CVE-2024-56598 CVE-2024-57900 CVE-2022-49034 CVE-2024-53198 CVE-2024-53171 CVE-2024-56619 CVE-2024-56631 CVE-2024-56558 CVE-2024-53138 CVE-2024-53151 CVE-2024-56622 CVE-2024-56704 CVE-2024-53173 CVE-2024-56662 CVE-2024-53131 CVE-2025-21683 CVE-2024-53125 CVE-2025-21631 CVE-2024-56625 CVE-2025-21699 CVE-2024-53140 CVE-2024-57910 CVE-2024-56724 CVE-2024-56777 CVE-2024-56596 CVE-2024-56648 CVE-2024-53145 CVE-2024-50051 CVE-2024-58087 CVE-2024-57884 CVE-2024-57946 CVE-2025-21636 CVE-2024-35864 CVE-2024-57892 CVE-2024-56572 CVE-2024-56778 CVE-2024-53156 CVE-2024-56531 CVE-2024-56629 CVE-2024-56698 CVE-2024-43098 CVE-2024-56700 CVE-2024-56533 CVE-2025-21665 CVE-2024-56658 CVE-2025-21690 CVE-2024-53150 CVE-2024-52332 CVE-2024-53180 CVE-2024-53119 CVE-2024-53217 CVE-2024-49974 CVE-2024-57922 CVE-2024-26928 CVE-2024-56568 CVE-2024-53174 CVE-2024-56767 CVE-2024-56590 CVE-2024-56642 CVE-2024-56748 CVE-2024-56645 CVE-2024-46841 CVE-2024-46809 CVE-2024-42315 CVE-2024-56678 CVE-2024-36899 CVE-2024-56759 CVE-2024-50275 CVE-2024-49571 CVE-2024-53148 CVE-2024-56576 CVE-2024-53099 CVE-2024-56627 CVE-2024-53690 CVE-2024-50283 CVE-2024-53127 CVE-2024-45828 CVE-2024-57901 |
| CWE-ID | CWE-20 CWE-416 CWE-476 CWE-190 CWE-667 CWE-399 CWE-401 CWE-388 CWE-415 CWE-908 CWE-125 CWE-369 CWE-366 CWE-119 CWE-682 CWE-835 CWE-362 CWE-787 CWE-269 CWE-617 CWE-191 CWE-665 |
| Exploitation vector | Local network |
| Public exploit | Vulnerability #114 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-136-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-136-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-136-generic (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 255 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU100207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50242
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_file_release() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU102062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53165
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU102126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56569
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU103133
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57938
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU102935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57889
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU102142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53226
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU102921
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57882
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mptcp_established_options_add_addr() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU103049
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57913
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the functionfs_bind() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU100936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53096
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_munmap(), mmap_region(), vma_set_page_prot() and vms_abort_munmap_vmas() functions in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU102124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56575
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper error handling
EUVDB-ID: #VU102203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56630
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Double free
EUVDB-ID: #VU99057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50055
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU101224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53129
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vop_plane_atomic_async_check() function in drivers/gpu/drm/rockchip/rockchip_drm_vop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU103051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21646
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the afs_deliver_yfsvl_get_cell_name() function in fs/afs/vlclient.c, within the afs_vl_get_cell_name() and yfs_check_canonical_cell_name() functions in fs/afs/vl_alias.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU99804
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50121
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_state_shutdown_net() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU102160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of uninitialized resource
EUVDB-ID: #VU102960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57802
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU102235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53183
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the net_device_release() function in arch/um/drivers/net_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource management error
EUVDB-ID: #VU103048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57904
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the at91_ts_register() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU103016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21653
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/cls_flow.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU102025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU102088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper error handling
EUVDB-ID: #VU102201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56659
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/lapb.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU99227
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47730
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper error handling
EUVDB-ID: #VU103592
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57948
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU102084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_map_delete_elem() function in net/xdp/xskmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU102015
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56601
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU102920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36476
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_io_resp_imm() function in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU98944
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49998
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Division by zero
EUVDB-ID: #VU101111
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53122
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the mptcp_rcv_space_adjust() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU102158
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56701
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dtl_worker_enable() and dtl_worker_disable() functions in arch/powerpc/platforms/pseries/lpar.c, within the dtl_enable() and dtl_disable() functions in arch/powerpc/platforms/pseries/dtl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource management error
EUVDB-ID: #VU102492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56781
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fixup_device_tree_chrp(), fixup_device_tree_pmac() and fixup_device_tree() functions in arch/powerpc/kernel/prom_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Resource management error
EUVDB-ID: #VU102494
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56785
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU98988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU103918
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21694
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __read_vmcore() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU101986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56715
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ionic_lif_register() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU102013
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56693
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU102104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56587
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU102270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56726
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cn10k_alloc_leaf_profile() function in drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU102096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xs_sock_reset_state_flags() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Race condition within a thread
EUVDB-ID: #VU101113
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53124
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU98381
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46871
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU103047
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21648
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_ct_alloc_hashtable() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU102018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56603
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Memory leak
EUVDB-ID: #VU102477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56779
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU103024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU103120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_first_thin() function in drivers/md/dm-thin.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Resource management error
EUVDB-ID: #VU103921
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57951
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU101229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53136
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Incorrect calculation
EUVDB-ID: #VU103753
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21687
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU102915
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU102928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53680
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU102021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Memory leak
EUVDB-ID: #VU101989
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) NULL pointer dereference
EUVDB-ID: #VU102115
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56634
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the grgpio_probe() function in drivers/gpio/gpio-grgpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Incorrect calculation
EUVDB-ID: #VU102256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56716
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nsim_dev_health_break_write() function in drivers/net/netdevsim/health.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Memory leak
EUVDB-ID: #VU103004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57908
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmx61_trigger_handler() function in drivers/iio/imu/kmx61.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU102483
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56774
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU102279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU103583
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21669
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the virtio_transport_recv_pkt() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU102912
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpumsf_pmu_stop() function in arch/s390/kernel/perf_cpum_sf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU102023
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU102226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56691
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the wcove_typec_probe() function in drivers/usb/typec/tcpm/wcove.c, within the ARRAY_SIZE(), bxtwc_add_chained_irq_chip() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use of uninitialized resource
EUVDB-ID: #VU101917
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53155
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU99101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU102083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56615
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU102949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47143
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Out-of-bounds read
EUVDB-ID: #VU102082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56616
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper locking
EUVDB-ID: #VU102168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cq_thread_v3_hw() function in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU102181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56532
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_us122l_disconnect() function in sound/usb/usx2y/us122l.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Resource management error
EUVDB-ID: #VU102231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53181
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vector_device_release() function in arch/um/drivers/vector_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU101107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53112
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) NULL pointer dereference
EUVDB-ID: #VU101225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use-after-free
EUVDB-ID: #VU102027
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56640
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Input validation error
EUVDB-ID: #VU102990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57791
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU102125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Buffer overflow
EUVDB-ID: #VU102978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57792
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the set_charge_current_limit() function in drivers/power/supply/gpio-charger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Input validation error
EUVDB-ID: #VU102261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Infinite loop
EUVDB-ID: #VU103134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57940
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the exfat_readdir() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) NULL pointer dereference
EUVDB-ID: #VU101914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53157
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU102927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU103019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57925
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_send_interim_resp() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU103025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21638
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU102932
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57897
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_migrate_copy_to_vram() and svm_migrate_copy_to_ram() functions in drivers/gpu/drm/amd/amdkfd/kfd_migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper error handling
EUVDB-ID: #VU102204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56586
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Input validation error
EUVDB-ID: #VU102280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56570
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper locking
EUVDB-ID: #VU102157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56694
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_strp_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Race condition
EUVDB-ID: #VU102219
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56637
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use of uninitialized resource
EUVDB-ID: #VU101347
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53142
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Memory leak
EUVDB-ID: #VU103002
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ads8688_trigger_handler() function in drivers/iio/adc/ti-ads8688.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Resource management error
EUVDB-ID: #VU102495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56787
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx8mq_soc_revision_from_atf(), imx8mq_soc_revision(), imx8mm_soc_uid(), kasprintf(), imx8_soc_init() and kfree() functions in drivers/soc/imx/soc-imx8m.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU102020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56605
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Memory leak
EUVDB-ID: #VU102892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57841
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper error handling
EUVDB-ID: #VU102208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53215
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the svc_rdma_proc_init() function in net/sunrpc/xprtrdma/svc_rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU103478
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57917
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an unspecified issue in drivers/base/topology.c. A local user can gain access to sensitive information.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper locking
EUVDB-ID: #VU100717
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50304
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_tunnel_find() function in net/ipv4/ip_tunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper locking
EUVDB-ID: #VU102489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dquot_writeback_dquots() function in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Memory leak
EUVDB-ID: #VU101992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56644
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Out-of-bounds read
EUVDB-ID: #VU102086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU103027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21640
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use-after-free
EUVDB-ID: #VU102008
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU102070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53239
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Memory leak
EUVDB-ID: #VU103008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57912
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zpa2326_fill_sample_buffer() function in drivers/iio/pressure/zpa2326.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Division by zero
EUVDB-ID: #VU102216
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56567
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Resource management error
EUVDB-ID: #VU102984
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55881
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the complete_hypercall_exit() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use-after-free
EUVDB-ID: #VU102069
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53237
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __match_tty() and hci_conn_del_sysfs() functions in net/bluetooth/hci_sysfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU102107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Resource management error
EUVDB-ID: #VU102234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ubd_open_dev() function in arch/um/drivers/ubd_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Buffer overflow
EUVDB-ID: #VU102237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56708
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igen6_register_mci() and igen6_unregister_mcis() functions in drivers/edac/igen6_edac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Memory leak
EUVDB-ID: #VU103007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57911
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_simple_dummy_trigger_h() function in drivers/iio/dummy/iio_simple_dummy_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Memory leak
EUVDB-ID: #VU101981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56746
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Out-of-bounds write
EUVDB-ID: #VU102090
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53197
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
115) Improper locking
EUVDB-ID: #VU102938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57807
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Improper locking
EUVDB-ID: #VU102931
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57903
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_setsockopt() function in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Division by zero
EUVDB-ID: #VU102970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56369
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the EXPORT_SYMBOL() and drm_mode_vrefresh() functions in drivers/gpu/drm/drm_modes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU102154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Use-after-free
EUVDB-ID: #VU102016
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Improper error handling
EUVDB-ID: #VU102958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57838
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU101105
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53120
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_tc_ct_entry_add_rule() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) NULL pointer dereference
EUVDB-ID: #VU103021
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_ablock() function in drivers/md/persistent-data/dm-array.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Input validation error
EUVDB-ID: #VU102273
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Input validation error
EUVDB-ID: #VU102277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_get_max_mtu() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Memory leak
EUVDB-ID: #VU101982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56745
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the reset_method_store() function in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Integer overflow
EUVDB-ID: #VU102963
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57890
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the uverbs_request_next_ptr(), ib_uverbs_post_send() and ib_uverbs_unmarshall_recv() functions in drivers/infiniband/core/uverbs_cmd.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU103920
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21697
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper privilege management
EUVDB-ID: #VU103139
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57931
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Resource management error
EUVDB-ID: #VU102249
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53172
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_ai(), scan_fast() and ubi_attach() functions in drivers/mtd/ubi/attach.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Use-after-free
EUVDB-ID: #VU102067
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Use-after-free
EUVDB-ID: #VU102075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56548
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Use-after-free
EUVDB-ID: #VU102046
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53206
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __inet_csk_reqsk_queue_drop() function in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Out-of-bounds read
EUVDB-ID: #VU102078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Improper error handling
EUVDB-ID: #VU102401
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56769
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MODULE_PARM_DESC() function in drivers/media/dvb-frontends/dib3000mb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Improper error handling
EUVDB-ID: #VU102956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57902
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the packet_current_frame() and vlan_get_tci() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU103513
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21666
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and vsock_connectible_has_data() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Reachable assertion
EUVDB-ID: #VU102190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56705
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ia_css_3a_statistics_allocate() function in drivers/staging/media/atomisp/pci/sh_css_params.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Out-of-bounds read
EUVDB-ID: #VU103582
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21680
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Out-of-bounds read
EUVDB-ID: #VU103742
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21689
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Memory leak
EUVDB-ID: #VU103003
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57907
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rockchip_saradc_trigger_handler() function in drivers/iio/adc/rockchip_saradc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) NULL pointer dereference
EUVDB-ID: #VU102122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56670
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_start_io() function in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Input validation error
EUVDB-ID: #VU102272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56728
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_get_pauseparam() and otx2_set_fecparam() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Integer overflow
EUVDB-ID: #VU101921
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53146
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) NULL pointer dereference
EUVDB-ID: #VU102929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55916
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Improper locking
EUVDB-ID: #VU102945
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53685
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/ceph/mds_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Improper error handling
EUVDB-ID: #VU102206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56578
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mxc_jpeg_probe() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU102904
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57896
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use-after-free
EUVDB-ID: #VU98876
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Resource management error
EUVDB-ID: #VU102404
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tracing_cpumask_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Out-of-bounds read
EUVDB-ID: #VU96550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44938
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Improper locking
EUVDB-ID: #VU103590
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21678
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gtp_newlink() and gtp_net_exit_batch_rtnl() functions in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Memory leak
EUVDB-ID: #VU102897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57874
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tagged_addr_ctrl_get() and tagged_addr_ctrl_set() functions in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Input validation error
EUVDB-ID: #VU102950
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47408
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_find_ism_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Resource management error
EUVDB-ID: #VU102245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the geneve_xmit_skb() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Resource management error
EUVDB-ID: #VU102225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56723
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) NULL pointer dereference
EUVDB-ID: #VU102484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_cursor_atomic_check() function in drivers/gpu/drm/sti/sti_cursor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Improper error handling
EUVDB-ID: #VU102198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56681
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Improper locking
EUVDB-ID: #VU102164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56610
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), kcsan_skip_report_debugfs(), set_report_filterlist_whitelist(), insert_report_filterlist() and show_info() functions in kernel/kcsan/debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU102044
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56581
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Buffer overflow
EUVDB-ID: #VU102236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56539
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Input validation error
EUVDB-ID: #VU102266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56720
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Improper locking
EUVDB-ID: #VU101228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53135
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) NULL pointer dereference
EUVDB-ID: #VU103026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21639
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Integer underflow
EUVDB-ID: #VU101924
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53158
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Out-of-bounds read
EUVDB-ID: #VU102092
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53214
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Improper error handling
EUVDB-ID: #VU97547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Use-after-free
EUVDB-ID: #VU102049
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53194
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Improper locking
EUVDB-ID: #VU103126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK() and die() functions in arch/riscv/kernel/traps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Memory leak
EUVDB-ID: #VU101980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56747
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Integer overflow
EUVDB-ID: #VU101923
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53161
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Buffer overflow
EUVDB-ID: #VU102968
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57850
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the jffs2_rtime_decompress() function in fs/jffs2/compr_rtime.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Use-after-free
EUVDB-ID: #VU102017
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56602
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Out-of-bounds read
EUVDB-ID: #VU103743
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21692
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Out-of-bounds read
EUVDB-ID: #VU102081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_write() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) NULL pointer dereference
EUVDB-ID: #VU101103
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53113
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_pages_bulk_noprof() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Resource management error
EUVDB-ID: #VU102490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56770
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Memory leak
EUVDB-ID: #VU101099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53121
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lookup_fte_locked() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Out-of-bounds read
EUVDB-ID: #VU102085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Use-after-free
EUVDB-ID: #VU102903
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Resource management error
EUVDB-ID: #VU102247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Memory leak
EUVDB-ID: #VU102006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53198
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Use-after-free
EUVDB-ID: #VU102059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53171
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Use-after-free
EUVDB-ID: #VU102022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Use-after-free
EUVDB-ID: #VU102024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Use-after-free
EUVDB-ID: #VU102042
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56558
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Incorrect calculation
EUVDB-ID: #VU101234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53138
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tx_sync_info_get(), mlx5e_ktls_tx_handle_resync_dump_comp() and mlx5e_ktls_tx_handle_ooo() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Integer overflow
EUVDB-ID: #VU101922
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53151
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the xdr_check_write_chunk() function in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Input validation error
EUVDB-ID: #VU102283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read_req_latency_avg_show() and write_req_latency_avg_show() functions in drivers/ufs/core/ufs-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Double free
EUVDB-ID: #VU102192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Use-after-free
EUVDB-ID: #VU102058
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53173
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Out-of-bounds read
EUVDB-ID: #VU102077
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56662
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU101226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53131
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_get_page_block() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Memory leak
EUVDB-ID: #VU103510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21683
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Resource management error
EUVDB-ID: #VU101233
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53125
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_equal_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Use-after-free
EUVDB-ID: #VU103011
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_waker_bfqq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Resource management error
EUVDB-ID: #VU102244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56625
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Resource management error
EUVDB-ID: #VU103923
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21699
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Double free
EUVDB-ID: #VU101230
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53140
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Memory leak
EUVDB-ID: #VU103006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vcnl4035_trigger_consumer_handler() function in drivers/iio/light/vcnl4035.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Resource management error
EUVDB-ID: #VU102224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56724
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) NULL pointer dereference
EUVDB-ID: #VU102485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56777
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_gdp_atomic_check() function in drivers/gpu/drm/sti/sti_gdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Out-of-bounds read
EUVDB-ID: #VU102087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56596
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Out-of-bounds read
EUVDB-ID: #VU102079
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56648
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Integer overflow
EUVDB-ID: #VU101920
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53145
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the setup_physmem() function in arch/um/kernel/physmem.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Use-after-free
EUVDB-ID: #VU102917
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Improper locking
EUVDB-ID: #VU105671
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58087
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_session_id(), smb2_check_user_session(), smb2_sess_setup(), smb2_session_logoff() and smb3_decrypt_req() functions in fs/ksmbd/smb2pdu.c, within the ksmbd_session_lookup() and ksmbd_session_lookup_slowpath() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_get_encryption_key() function in fs/ksmbd/auth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Use-after-free
EUVDB-ID: #VU102909
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Improper locking
EUVDB-ID: #VU103127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtblk_remove() and virtblk_restore() functions in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) NULL pointer dereference
EUVDB-ID: #VU103023
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21636
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Use-after-free
EUVDB-ID: #VU90149
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-35864
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Use-after-free
EUVDB-ID: #VU102905
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brelse() function in fs/ocfs2/quota_local.c, within the ocfs2_get_next_id() function in fs/ocfs2/quota_global.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Memory leak
EUVDB-ID: #VU101996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56572
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the allocate_buffers_internal() function in drivers/media/platform/allegro-dvt/allegro-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) NULL pointer dereference
EUVDB-ID: #VU102486
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56778
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_hqvdp_atomic_check() function in drivers/gpu/drm/sti/sti_hqvdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Out-of-bounds read
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Improper locking
EUVDB-ID: #VU102180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56531
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) NULL pointer dereference
EUVDB-ID: #VU102114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56629
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) NULL pointer dereference
EUVDB-ID: #VU102101
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56698
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_prepare_trbs_sg() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Improper locking
EUVDB-ID: #VU102941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i3c_device_uevent() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) NULL pointer dereference
EUVDB-ID: #VU102102
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56700
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Improper locking
EUVDB-ID: #VU102182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56533
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usx2y_disconnect() function in sound/usb/usx2y/usbusx2y.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Infinite loop
EUVDB-ID: #VU103594
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21665
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Use-after-free
EUVDB-ID: #VU102033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56658
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Resource management error
EUVDB-ID: #VU103751
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21690
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Out-of-bounds read
EUVDB-ID: #VU101910
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53150
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Resource management error
EUVDB-ID: #VU102974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52332
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igb_init_module() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Improper Initialization
EUVDB-ID: #VU102222
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53180
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the snd_pcm_mmap_data_fault() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Memory leak
EUVDB-ID: #VU101098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_transport_recv_listen() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) NULL pointer dereference
EUVDB-ID: #VU102133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Input validation error
EUVDB-ID: #VU99220
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Reachable assertion
EUVDB-ID: #VU103037
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57922
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Use-after-free
EUVDB-ID: #VU90192
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) NULL pointer dereference
EUVDB-ID: #VU102127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56568
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Use-after-free
EUVDB-ID: #VU102057
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53174
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the c_show() function in net/sunrpc/cache.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Use-after-free
EUVDB-ID: #VU102397
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56767
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at_xdmac_prep_dma_memset() function in drivers/dma/at_xdmac.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Input validation error
EUVDB-ID: #VU102281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56590
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_tx_work() and hci_acldata_packet() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Use-after-free
EUVDB-ID: #VU102029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56642
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Memory leak
EUVDB-ID: #VU101979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Integer underflow
EUVDB-ID: #VU102210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56645
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Improper error handling
EUVDB-ID: #VU97814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46841
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Improper error handling
EUVDB-ID: #VU97813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Improper locking
EUVDB-ID: #VU96152
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42315
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the exfat_get_dentry_set() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Use-after-free
EUVDB-ID: #VU102012
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56678
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Use-after-free
EUVDB-ID: #VU90048
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Use-after-free
EUVDB-ID: #VU102393
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56759
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_force_cow_block() and btrfs_cow_block() functions in fs/btrfs/ctree.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Resource management error
EUVDB-ID: #VU100644
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50275
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Input validation error
EUVDB-ID: #VU102952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49571
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_listen_prfx_check() and smc_find_ism_v1_device_serv() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Buffer overflow
EUVDB-ID: #VU101927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53148
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Resource management error
EUVDB-ID: #VU102229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56576
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Out-of-bounds read
EUVDB-ID: #VU100938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53099
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bpf_link_show_fdinfo() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Out-of-bounds read
EUVDB-ID: #VU102080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56627
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Integer underflow
EUVDB-ID: #VU102965
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53690
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nilfs_lookup() function in fs/nilfs2/namei.c, within the nilfs_iget() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Use-after-free
EUVDB-ID: #VU100615
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50283
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Buffer overflow
EUVDB-ID: #VU101231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53127
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dw_mci_init_slot() function in drivers/mmc/host/dw_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) NULL pointer dereference
EUVDB-ID: #VU102922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45828
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_dma_cleanup() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Improper error handling
EUVDB-ID: #VU102954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57901
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.136.147~20.04.1
linux-image-5.15.0-136-generic-lpae (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic-64k (Ubuntu package): before 5.15.0-136.147~20.04.1
linux-image-5.15.0-136-generic (Ubuntu package): before 5.15.0-136.147~20.04.1
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04b_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5_15_0-136-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7407-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
