Ubuntu update for linux-gcp-6.8
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 460 |
| CVE-ID | CVE-2024-56724 CVE-2024-50108 CVE-2024-56631 CVE-2024-50236 CVE-2022-49034 CVE-2024-50133 CVE-2024-53108 CVE-2024-56605 CVE-2024-56599 CVE-2024-56721 CVE-2024-53110 CVE-2024-56751 CVE-2024-53120 CVE-2024-53198 CVE-2024-57876 CVE-2024-50285 CVE-2024-53133 CVE-2024-56681 CVE-2024-56581 CVE-2025-21701 CVE-2024-53086 CVE-2024-53201 CVE-2024-56630 CVE-2024-53222 CVE-2024-50139 CVE-2024-53084 CVE-2024-53214 CVE-2024-53183 CVE-2024-56600 CVE-2024-50286 CVE-2024-53232 CVE-2024-56777 CVE-2024-56540 CVE-2024-50121 CVE-2024-50284 CVE-2024-56621 CVE-2024-53195 CVE-2024-50279 CVE-2024-53203 CVE-2024-50104 CVE-2024-50238 CVE-2024-53177 CVE-2024-53053 CVE-2024-50297 CVE-2024-56569 CVE-2024-53131 CVE-2024-56642 CVE-2024-56752 CVE-2024-53079 CVE-2024-56705 CVE-2024-56679 CVE-2024-50272 CVE-2024-53231 CVE-2024-53228 CVE-2024-50128 CVE-2024-53229 CVE-2024-53055 CVE-2024-53050 CVE-2024-50265 CVE-2024-56703 CVE-2024-53114 CVE-2024-50278 CVE-2024-56771 CVE-2024-56708 CVE-2024-53082 CVE-2024-50051 CVE-2024-50125 CVE-2024-53109 CVE-2024-50257 CVE-2024-50107 CVE-2024-50290 CVE-2024-50211 CVE-2024-56609 CVE-2024-53190 CVE-2024-50232 CVE-2024-53134 CVE-2024-50142 CVE-2024-50166 CVE-2024-53051 CVE-2024-53224 CVE-2024-57872 CVE-2024-53200 CVE-2024-56685 CVE-2025-21700 CVE-2024-43098 CVE-2024-56604 CVE-2024-50218 CVE-2024-53113 CVE-2024-50242 CVE-2024-50223 CVE-2024-53099 CVE-2024-50162 CVE-2024-56587 CVE-2025-21756 CVE-2024-50126 CVE-2024-50067 CVE-2024-56539 CVE-2024-50153 CVE-2024-50251 CVE-2024-56726 CVE-2024-56780 CVE-2024-56700 CVE-2024-53059 CVE-2024-50252 CVE-2024-50269 CVE-2024-50163 CVE-2024-50248 CVE-2024-56578 CVE-2024-50240 CVE-2024-53155 CVE-2024-56613 CVE-2024-50118 CVE-2024-53091 CVE-2024-57838 CVE-2024-53094 CVE-2024-56638 CVE-2024-53175 CVE-2024-53062 CVE-2024-57843 CVE-2024-50210 CVE-2024-53237 CVE-2024-50115 CVE-2024-50164 CVE-2024-50208 CVE-2024-53068 CVE-2024-41932 CVE-2024-45828 CVE-2024-56635 CVE-2024-50112 CVE-2024-50289 CVE-2024-53197 CVE-2024-49906 CVE-2024-50304 CVE-2024-56625 CVE-2024-56785 CVE-2024-49899 CVE-2024-48876 CVE-2024-53236 CVE-2024-50216 CVE-2024-56756 CVE-2024-53178 CVE-2024-53095 CVE-2024-56786 CVE-2024-50111 CVE-2024-56643 CVE-2024-56584 CVE-2024-50298 CVE-2024-53089 CVE-2024-56550 CVE-2024-50221 CVE-2024-50160 CVE-2024-53188 CVE-2024-53066 CVE-2024-53047 CVE-2024-56765 CVE-2024-56601 CVE-2024-53146 CVE-2024-56597 CVE-2024-56622 CVE-2024-50205 CVE-2024-56647 CVE-2024-56651 CVE-2024-56572 CVE-2024-56568 CVE-2024-53087 CVE-2024-50152 CVE-2024-53230 CVE-2024-50276 CVE-2024-56562 CVE-2024-56565 CVE-2024-56596 CVE-2024-50237 CVE-2024-53194 CVE-2024-53176 CVE-2024-56754 CVE-2024-56593 CVE-2024-50225 CVE-2024-47143 CVE-2024-50301 CVE-2025-21831 CVE-2024-53151 CVE-2024-50259 CVE-2024-50150 CVE-2024-53145 CVE-2024-56590 CVE-2024-50222 CVE-2024-53058 CVE-2024-56687 CVE-2024-56690 CVE-2024-56538 CVE-2024-53044 CVE-2024-50292 CVE-2024-56577 CVE-2024-50235 CVE-2024-50172 CVE-2024-53127 CVE-2024-56615 CVE-2024-53088 CVE-2024-50141 CVE-2024-53223 CVE-2024-50135 CVE-2024-50262 CVE-2024-53174 CVE-2024-56545 CVE-2024-53093 CVE-2024-56586 CVE-2024-53118 CVE-2024-56727 CVE-2024-57874 CVE-2024-50267 CVE-2024-53048 CVE-2024-50250 CVE-2024-56533 CVE-2024-53196 CVE-2024-57849 CVE-2024-50010 CVE-2024-53129 CVE-2024-53119 CVE-2024-56742 CVE-2024-53045 CVE-2024-50226 CVE-2024-53173 CVE-2024-53220 CVE-2024-53185 CVE-2024-50294 CVE-2024-53181 CVE-2024-53150 CVE-2024-47809 CVE-2024-56746 CVE-2024-53233 CVE-2024-56620 CVE-2024-53213 CVE-2024-53163 CVE-2024-56648 CVE-2024-56640 CVE-2024-48873 CVE-2024-53209 CVE-2024-50246 CVE-2024-50258 CVE-2024-57850 CVE-2024-56549 CVE-2024-56627 CVE-2024-56778 CVE-2024-56720 CVE-2024-50256 CVE-2024-56725 CVE-2024-56729 CVE-2024-53046 CVE-2024-56573 CVE-2024-53112 CVE-2024-53115 CVE-2024-50234 CVE-2024-53172 CVE-2024-56558 CVE-2024-56787 CVE-2024-53184 CVE-2024-50131 CVE-2024-50255 CVE-2024-50155 CVE-2024-53187 CVE-2024-49569 CVE-2024-56616 CVE-2024-53147 CVE-2024-53123 CVE-2024-53162 CVE-2024-53126 CVE-2024-53061 CVE-2024-53210 CVE-2024-50138 CVE-2024-53105 CVE-2024-56644 CVE-2024-50105 CVE-2024-50207 CVE-2024-53158 CVE-2024-50261 CVE-2024-56693 CVE-2024-41935 CVE-2024-53128 CVE-2024-50116 CVE-2024-50143 CVE-2025-21702 CVE-2024-53072 CVE-2024-53100 CVE-2024-42122 CVE-2024-50303 CVE-2024-50124 CVE-2024-56606 CVE-2024-56557 CVE-2024-53083 CVE-2024-50299 CVE-2024-56589 CVE-2024-50296 CVE-2024-50275 CVE-2024-56698 CVE-2024-50245 CVE-2024-50263 CVE-2024-56633 CVE-2024-50230 CVE-2024-56579 CVE-2024-50231 CVE-2024-50295 CVE-2024-56611 CVE-2024-56689 CVE-2024-50159 CVE-2024-53680 CVE-2024-56551 CVE-2024-56748 CVE-2024-50249 CVE-2024-53168 CVE-2024-56632 CVE-2024-53060 CVE-2024-41014 CVE-2024-53121 CVE-2024-50145 CVE-2024-53081 CVE-2024-50151 CVE-2024-56781 CVE-2024-50110 CVE-2024-53148 CVE-2024-56567 CVE-2024-56641 CVE-2024-53208 CVE-2024-56619 CVE-2024-52332 CVE-2024-56775 CVE-2024-56626 CVE-2024-56688 CVE-2024-53215 CVE-2024-56783 CVE-2024-50103 CVE-2024-53226 CVE-2024-50282 CVE-2024-56755 CVE-2024-50268 CVE-2024-50271 CVE-2024-53076 CVE-2024-56610 CVE-2024-56636 CVE-2024-44955 CVE-2024-56623 CVE-2024-56694 CVE-2024-56608 CVE-2024-56576 CVE-2024-56692 CVE-2024-56723 CVE-2024-53191 CVE-2024-56677 CVE-2024-48875 CVE-2024-53106 CVE-2024-56678 CVE-2024-50273 CVE-2024-50206 CVE-2024-50170 CVE-2024-56594 CVE-2024-56707 CVE-2024-56649 CVE-2024-50167 CVE-2024-56691 CVE-2024-56683 CVE-2024-53052 CVE-2024-56747 CVE-2024-47141 CVE-2024-56543 CVE-2024-56574 CVE-2024-53085 CVE-2024-50136 CVE-2024-56779 CVE-2024-53111 CVE-2024-53139 CVE-2024-56704 CVE-2024-56745 CVE-2024-53234 CVE-2024-53138 CVE-2024-50130 CVE-2024-48881 CVE-2024-53107 CVE-2024-53218 CVE-2024-56602 CVE-2024-56531 CVE-2024-53154 CVE-2024-56532 CVE-2024-53130 CVE-2024-50215 CVE-2024-50147 CVE-2024-56607 CVE-2024-50137 CVE-2024-47794 CVE-2024-50158 CVE-2024-50239 CVE-2024-56645 CVE-2024-53171 CVE-2024-56592 CVE-2024-56772 CVE-2024-50288 CVE-2024-50156 CVE-2024-53180 CVE-2024-53169 CVE-2024-56634 CVE-2024-56728 CVE-2024-56722 CVE-2024-50209 CVE-2024-56588 CVE-2024-53096 CVE-2024-56548 CVE-2024-53166 CVE-2024-56773 CVE-2024-56575 CVE-2024-56650 CVE-2024-50127 CVE-2024-56744 CVE-2024-56546 CVE-2024-50154 CVE-2024-53202 CVE-2024-56782 CVE-2024-50270 CVE-2024-53157 CVE-2024-50243 CVE-2024-56583 CVE-2024-53239 CVE-2025-21993 CVE-2024-56603 CVE-2024-56629 CVE-2024-53135 CVE-2024-56739 CVE-2024-50283 CVE-2024-56580 CVE-2024-50169 CVE-2024-56774 CVE-2024-53042 CVE-2024-53227 CVE-2024-53067 CVE-2024-50224 CVE-2024-50247 CVE-2024-53122 CVE-2024-53090 CVE-2024-53221 CVE-2024-50146 CVE-2024-53219 CVE-2024-53142 CVE-2024-56570 CVE-2024-56566 CVE-2024-50140 CVE-2024-56776 CVE-2024-50287 CVE-2024-53161 CVE-2024-50300 CVE-2024-53160 CVE-2024-50203 CVE-2024-53217 CVE-2024-50244 CVE-2024-53043 CVE-2024-50280 CVE-2024-56637 CVE-2024-53117 CVE-2024-56701 CVE-2024-50291 CVE-2024-50120 CVE-2024-53101 CVE-2024-50220 CVE-2024-56561 |
| CWE-ID | CWE-399 CWE-416 CWE-401 CWE-476 CWE-682 CWE-119 CWE-667 CWE-20 CWE-388 CWE-125 CWE-191 CWE-617 CWE-835 CWE-369 CWE-404 CWE-908 CWE-1037 CWE-787 CWE-190 CWE-415 CWE-665 CWE-193 CWE-362 CWE-366 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #99 is available. Vulnerability #131 is being exploited in the wild. Vulnerability #227 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-gcp-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1028-gcp-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1028-gcp (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 460 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU102224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56724
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU99839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50108
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the is_psr_su_specific_panel() function in drivers/gpu/drm/amd/display/modules/power/power_helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU102024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU100162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU102247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU99822
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50133
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stack_top() function in arch/loongarch/kernel/process.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU101101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53108
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the parse_amd_vsdb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU102020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56605
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU102108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56599
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath10k_sdio_remove() function in drivers/net/wireless/ath/ath10k/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Incorrect calculation
EUVDB-ID: #VU102254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56721
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the init_amd_bd() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU101116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vp_vdpa_probe() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU102152
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56751
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU101105
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53120
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_tc_ct_entry_add_rule() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU102006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53198
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU102936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57876
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU100651
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50285
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb1_negotiate() and init_smb1_server() functions in fs/smb/server/smb_common.c, within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/smb/server/server.c, within the ksmbd_conn_alloc() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU101222
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53133
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dc_state_create_copy() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper error handling
EUVDB-ID: #VU102198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56681
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU102044
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56581
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU103960
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21701
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU100727
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53086
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_sync_in_fence_get() function in drivers/gpu/drm/xe/xe_exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU102137
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53201
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper error handling
EUVDB-ID: #VU102203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56630
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU102129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53222
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zram_add() function in drivers/block/zram/zram_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU100065
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50139
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the reset_clidr() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory leak
EUVDB-ID: #VU100703
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53084
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pvr_vm_context_release() function in drivers/gpu/drm/imagination/pvr_vm.c, within the pvr_context_destroy() function in drivers/gpu/drm/imagination/pvr_context.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU102092
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53214
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource management error
EUVDB-ID: #VU102235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53183
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the net_device_release() function in arch/um/drivers/net_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU102016
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU100616
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50286
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_expire_session() and ksmbd_sessions_deregister() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU102068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the calc_rtx(), s390_domain_free(), s390_iommu_attach_device(), s390_iommu_probe_device(), s390_iommu_unmap_pages() and s390_iommu_init() functions in drivers/iommu/s390-iommu.c, within the pci_fmb_show() function in arch/s390/pci/pci_debug.c, within the zpci_fmb_enable_device() function in arch/s390/pci/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU102485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56777
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_gdp_atomic_check() function in drivers/gpu/drm/sti/sti_gdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU102149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56540
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ivpu_jsm_pwr_d0i3_enter(), ivpu_jsm_hws_setup_priority_bands(), ivpu_jsm_dct_enable() and ivpu_jsm_dct_disable() functions in drivers/accel/ivpu/ivpu_jsm_msg.c, within the ivpu_ipc_receive() and ivpu_ipc_send_receive_active() functions in drivers/accel/ivpu/ivpu_ipc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU99804
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50121
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_state_shutdown_net() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper error handling
EUVDB-ID: #VU100634
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50284
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU102113
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56621
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_remove() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU102232
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_KVM_NVHE_PER_CPU(), kvm_arch_vcpu_postcreate(), kvm_arch_vcpu_run_pid_change(), kvm_vcpu_exit_request() and kvm_arch_vcpu_ioctl_run() functions in arch/arm64/kvm/arm.c, within the get_timer_map() function in arch/arm64/kvm/arch_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU100620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50279
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Integer underflow
EUVDB-ID: #VU102211
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53203
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ucsi_ccg_sync_control() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU99815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50104
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sdm845_snd_startup() and sdm845_snd_shutdown() functions in sound/soc/qcom/sdm845.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) NULL pointer dereference
EUVDB-ID: #VU100177
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50238
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usbc_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usbc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU102056
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53177
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU100721
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53053
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_update_rtc() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper error handling
EUVDB-ID: #VU100635
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the axienet_start_xmit_dmaengine() function in drivers/net/ethernet/xilinx/xilinx_axienet_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU102126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56569
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU101226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53131
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_get_page_block() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU102029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56642
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Resource management error
EUVDB-ID: #VU102241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56752
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gf100_gr_chan_new() function in drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU100724
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53079
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the destroy_large_folio() function in mm/page_alloc.c, within the mem_cgroup_move_account(), mem_cgroup_move_charge_pte_range(), uncharge_folio() and mem_cgroup_swapout() functions in mm/memcontrol.c, within the __folio_undo_large_rmappable() and deferred_split_folio() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Reachable assertion
EUVDB-ID: #VU102190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56705
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ia_css_3a_statistics_allocate() function in drivers/staging/media/atomisp/pci/sh_css_params.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU102277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_get_max_mtu() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Infinite loop
EUVDB-ID: #VU100640
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50272
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU102144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_get_cpu_power() function in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU102091
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53228
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_riscv_vcpu_sbi_init() function in arch/riscv/kvm/vcpu_sbi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU99812
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50128
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Infinite loop
EUVDB-ID: #VU102217
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53229
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rxe_requester() function in drivers/infiniband/sw/rxe/rxe_req.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Infinite loop
EUVDB-ID: #VU100734
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53055
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU100709
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53050
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_dp_hdcp2_get_capability() function in drivers/gpu/drm/i915/display/intel_dp_hdcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Memory leak
EUVDB-ID: #VU100610
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper locking
EUVDB-ID: #VU102159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56703
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the |() function in tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh, within the fib6_select_path(), ip6_route_mpath_notify(), rt6_nlmsg_size(), rt6_fill_node() and inet6_rt_notify() functions in net/ipv6/route.c, within the fib6_del_route() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Input validation error
EUVDB-ID: #VU101122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53114
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Out-of-bounds read
EUVDB-ID: #VU100619
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50278
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU102491
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56771
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SPINAND_INFO() function in drivers/mtd/nand/spi/winbond.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Buffer overflow
EUVDB-ID: #VU102237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56708
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igen6_register_mci() and igen6_unregister_mcis() functions in drivers/edac/igen6_edac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Input validation error
EUVDB-ID: #VU100749
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53082
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU102917
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU99806
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50125
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU101114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53109
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the delete_vma_from_mm() function in mm/nommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Use-after-free
EUVDB-ID: #VU100168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50257
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU99825
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50107
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmc_core_ssram_get_pmc() function in drivers/platform/x86/intel/pmc/core_ssram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Integer underflow
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper error handling
EUVDB-ID: #VU100134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50211
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udf_truncate_extents() function in fs/udf/truncate.c, within the udf_try_read_meta() function in fs/udf/partition.c, within the udf_map_block(), udf_extend_file(), udf_delete_aext() and inode_bmap() functions in fs/udf/inode.c, within the udf_fiiter_init() and udf_fiiter_append_blk() functions in fs/udf/directory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Improper locking
EUVDB-ID: #VU102165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56609
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtw_usb_tx_handler() and rtw_usb_deinit_tx() functions in drivers/net/wireless/realtek/rtw88/usb.c, within the rtw_sdio_deinit_tx() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Improper locking
EUVDB-ID: #VU102173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53190
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efuse_write_1byte() and read_efuse_byte() functions in drivers/net/wireless/realtek/rtlwifi/efuse.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Division by zero
EUVDB-ID: #VU100199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50232
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Input validation error
EUVDB-ID: #VU101236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imx93_blk_ctrl_remove() function in drivers/pmdomain/imx/imx93-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Input validation error
EUVDB-ID: #VU100081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Memory leak
EUVDB-ID: #VU100052
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50166
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mac_probe() and mac_remove() functions in drivers/net/ethernet/freescale/fman/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU100710
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_hdcp_read_valid_bksv() function in drivers/gpu/drm/i915/display/intel_hdcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) NULL pointer dereference
EUVDB-ID: #VU102141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53224
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_ib_dev_res_init(), mlx5_ib_stage_delay_drop_cleanup(), mlx5_ib_stage_dev_notifier_init() and STAGE_CREATE() functions in drivers/infiniband/hw/mlx5/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Memory leak
EUVDB-ID: #VU102896
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57872
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ufshcd_pltfrm_remove() function in drivers/ufs/host/ufshcd-pltfrm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU102138
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53200
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hwss_setup_dpp() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU102095
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt8195_mt6359_soc_card_probe() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c, within the mt8192_mt6359_legacy_probe() and mt8192_mt6359_soc_card_probe() functions in sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c, within the mt8188_mt6359_soc_card_probe() function in sound/soc/mediatek/mt8188/mt8188-mt6359.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU103959
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21700
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU102941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i3c_device_uevent() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU102019
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56604
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Input validation error
EUVDB-ID: #VU100187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) NULL pointer dereference
EUVDB-ID: #VU101103
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53113
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_pages_bulk_noprof() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Input validation error
EUVDB-ID: #VU100207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50242
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_file_release() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU100174
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50223
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU100938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53099
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bpf_link_show_fdinfo() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU100075
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50162
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) NULL pointer dereference
EUVDB-ID: #VU102104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56587
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU104945
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use-after-free
EUVDB-ID: #VU99807
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50126
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU99434
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50067
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Buffer overflow
EUVDB-ID: #VU102236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56539
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Use-after-free
EUVDB-ID: #VU100061
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50153
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Incorrect calculation
EUVDB-ID: #VU100202
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-50251
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nft_payload_set_eval() function in net/netfilter/nft_payload.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
100) Input validation error
EUVDB-ID: #VU102270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56726
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cn10k_alloc_leaf_profile() function in drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU102489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dquot_writeback_dquots() function in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU102102
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56700
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Input validation error
EUVDB-ID: #VU100728
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53059
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Memory leak
EUVDB-ID: #VU100163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50252
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_ipip_ol_netdev_change_gre6() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improper resource shutdown or release
EUVDB-ID: #VU100649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50269
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Input validation error
EUVDB-ID: #VU100082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Input validation error
EUVDB-ID: #VU100205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improper error handling
EUVDB-ID: #VU102206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56578
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mxc_jpeg_probe() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU100179
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50240
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use of uninitialized resource
EUVDB-ID: #VU101917
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53155
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Memory leak
EUVDB-ID: #VU101995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56613
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) NULL pointer dereference
EUVDB-ID: #VU99819
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50118
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_reconfigure() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Input validation error
EUVDB-ID: #VU100836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53091
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/net/tls.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper error handling
EUVDB-ID: #VU102958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57838
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Resource management error
EUVDB-ID: #VU100835
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53094
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the siw_tcp_sendpages() function in drivers/infiniband/sw/siw/siw_qp_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Input validation error
EUVDB-ID: #VU102185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_inner_parse() and nft_inner_parse_needed() functions in net/netfilter/nft_inner.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Memory leak
EUVDB-ID: #VU102000
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53175
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the create_ipc_ns() function in ipc/namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Input validation error
EUVDB-ID: #VU100748
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mgb4_cmt_set_vin_freq_range() function in drivers/media/pci/mgb4/mgb4_cmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Buffer overflow
EUVDB-ID: #VU102967
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the virtnet_rq_alloc(), add_recvbuf_small() and add_recvbuf_mergeable() functions in drivers/net/virtio_net.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Improper locking
EUVDB-ID: #VU100129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50210
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Use-after-free
EUVDB-ID: #VU102069
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53237
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __match_tty() and hci_conn_del_sysfs() functions in net/bluetooth/hci_sysfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Out-of-bounds read
EUVDB-ID: #VU99810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50115
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Use of uninitialized resource
EUVDB-ID: #VU100085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50164
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the check_helper_mem_access(), check_mem_size_reg(), check_mem_reg(), check_kfunc_mem_size_reg() and verbose() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Buffer overflow
EUVDB-ID: #VU100141
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50208
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use-after-free
EUVDB-ID: #VU100708
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Resource management error
EUVDB-ID: #VU102983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41932
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __sched_setaffinity() function in kernel/sched/syscalls.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU102922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45828
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_dma_cleanup() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Use-after-free
EUVDB-ID: #VU102026
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56635
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU99846
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50112
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to speculative execution within the arch/x86/Kconfig. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Input validation error
EUVDB-ID: #VU100652
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Out-of-bounds write
EUVDB-ID: #VU102090
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53197
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
132) NULL pointer dereference
EUVDB-ID: #VU98940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49906
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Improper locking
EUVDB-ID: #VU100717
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50304
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_tunnel_find() function in net/ipv4/ip_tunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Resource management error
EUVDB-ID: #VU102244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56625
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Resource management error
EUVDB-ID: #VU102494
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56785
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Input validation error
EUVDB-ID: #VU99225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49899
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Improper locking
EUVDB-ID: #VU102947
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48876
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stack_depot_save_flags() function in lib/stackdepot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Memory leak
EUVDB-ID: #VU102003
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xsk_build_skb() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use of uninitialized resource
EUVDB-ID: #VU100193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50216
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the xfs_filestream_pick_ag() and !() functions in fs/xfs/xfs_filestream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Use-after-free
EUVDB-ID: #VU102008
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Memory leak
EUVDB-ID: #VU102007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53178
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() and smb2_set_related() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Use-after-free
EUVDB-ID: #VU100830
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53095
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Use-after-free
EUVDB-ID: #VU102480
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56786
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_link_inc() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Resource management error
EUVDB-ID: #VU99835
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50111
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_ale() and die_if_kernel() functions in arch/loongarch/kernel/traps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Memory leak
EUVDB-ID: #VU101989
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU102038
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_init_wq_offload() function in io_uring/tctx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) NULL pointer dereference
EUVDB-ID: #VU100627
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50298
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Improper locking
EUVDB-ID: #VU100832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53089
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_create() function in arch/loongarch/kvm/vcpu.c, within the _kvm_save_timer() function in arch/loongarch/kvm/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Input validation error
EUVDB-ID: #VU102278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56550
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch_stack_walk_user_common() function in arch/s390/kernel/stacktrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Out-of-bounds read
EUVDB-ID: #VU100170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50221
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vangogh_tables_init() function in drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) NULL pointer dereference
EUVDB-ID: #VU100074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50160
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) NULL pointer dereference
EUVDB-ID: #VU102130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53188
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath12k_dp_cc_cleanup() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Use of uninitialized resource
EUVDB-ID: #VU100730
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53066
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Improper locking
EUVDB-ID: #VU100719
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_init_sock() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Use-after-free
EUVDB-ID: #VU102396
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56765
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vas_mmap_fault() function in arch/powerpc/platforms/book3s/vas-api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Use-after-free
EUVDB-ID: #VU102015
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56601
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Integer overflow
EUVDB-ID: #VU101921
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53146
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Out-of-bounds read
EUVDB-ID: #VU102086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Input validation error
EUVDB-ID: #VU102283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read_req_latency_avg_show() and write_req_latency_avg_show() functions in drivers/ufs/core/ufs-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Use of uninitialized resource
EUVDB-ID: #VU100136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Input validation error
EUVDB-ID: #VU102186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56647
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the icmp_route_lookup() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Use-after-free
EUVDB-ID: #VU102030
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56651
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hi3110_can_ist() function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Memory leak
EUVDB-ID: #VU101996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56572
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the allocate_buffers_internal() function in drivers/media/platform/allegro-dvt/allegro-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) NULL pointer dereference
EUVDB-ID: #VU102127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56568
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Memory leak
EUVDB-ID: #VU100704
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53087
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xe_exec_ioctl() function in drivers/gpu/drm/xe/xe_exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Use-after-free
EUVDB-ID: #VU100060
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50152
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_set_ea() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) NULL pointer dereference
EUVDB-ID: #VU102143
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53230
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_get_cpu_cost() function in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Double free
EUVDB-ID: #VU100632
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50276
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mse102x_tx_frame_spi() function in drivers/net/ethernet/vertexcom/mse102x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Input validation error
EUVDB-ID: #VU102279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) NULL pointer dereference
EUVDB-ID: #VU102128
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56565
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the f2fs_freeze() function in fs/f2fs/super.c, within the __submit_discard_cmd() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Out-of-bounds read
EUVDB-ID: #VU102087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56596
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Use of uninitialized resource
EUVDB-ID: #VU100194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50237
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Use-after-free
EUVDB-ID: #VU102049
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53194
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Improper locking
EUVDB-ID: #VU102174
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53176
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cifs_dentry_needs_reval() function in fs/smb/client/inode.c, within the init_cifs() and cifs_destroy_netfs() functions in fs/smb/client/cifsfs.c, within the free_cached_dir(), close_all_cached_dirs(), invalidate_all_cached_dirs(), cached_dir_lease_break(), init_cached_dir(), cfids_laundromat_worker(), init_cached_dirs() and free_cached_dirs() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Input validation error
EUVDB-ID: #VU102273
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) NULL pointer dereference
EUVDB-ID: #VU102107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) NULL pointer dereference
EUVDB-ID: #VU100176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50225
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_bio_init() and __btrfs_bio_end_io() functions in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Improper locking
EUVDB-ID: #VU102949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47143
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Out-of-bounds read
EUVDB-ID: #VU100622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Input validation error
EUVDB-ID: #VU105432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_PCI_FIXUP_SUSPEND() function in arch/x86/pci/fixup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Integer overflow
EUVDB-ID: #VU101922
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53151
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the xdr_check_write_chunk() function in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Input validation error
EUVDB-ID: #VU100204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50259
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Use-after-free
EUVDB-ID: #VU100059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50150
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Integer overflow
EUVDB-ID: #VU101920
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53145
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the setup_physmem() function in arch/um/kernel/physmem.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Input validation error
EUVDB-ID: #VU102281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56590
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_tx_work() and hci_acldata_packet() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Resource management error
EUVDB-ID: #VU100201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50222
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_from_iter_atomic() function in lib/iov_iter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Improper error handling
EUVDB-ID: #VU100729
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53058
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Improper locking
EUVDB-ID: #VU102156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the musb_free_request() function in drivers/usb/musb/musb_gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Input validation error
EUVDB-ID: #VU102261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Use-after-free
EUVDB-ID: #VU102071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56538
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Improper locking
EUVDB-ID: #VU100746
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_block_get_ext() function in net/sched/cls_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU100625
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50292
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) NULL pointer dereference
EUVDB-ID: #VU102123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56577
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_jpegdec_hw_init_irq() and mtk_jpegdec_hw_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c, within the mtk_jpeg_single_core_init() and mtk_jpeg_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Double free
EUVDB-ID: #VU100191
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50235
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the _cfg80211_unregister_wdev() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Memory leak
EUVDB-ID: #VU100057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50172
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bnxt_re_setup_chip_ctx() function in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Buffer overflow
EUVDB-ID: #VU101231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53127
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dw_mci_init_slot() function in drivers/mmc/host/dw_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Out-of-bounds read
EUVDB-ID: #VU102083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56615
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Memory leak
EUVDB-ID: #VU100705
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53088
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Improper locking
EUVDB-ID: #VU100077
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50141
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Resource management error
EUVDB-ID: #VU102250
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53223
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the to_mtmips_clk(), mt76x8_cpu_recalc_rate(), CLK_BASE() and ARRAY_SIZE() functions in drivers/clk/ralink/clk-mtmips.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Improper locking
EUVDB-ID: #VU99826
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50135
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Out-of-bounds read
EUVDB-ID: #VU100173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50262
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Use-after-free
EUVDB-ID: #VU102057
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53174
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the c_show() function in net/sunrpc/cache.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Resource management error
EUVDB-ID: #VU102253
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56545
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mousevsc_hid_raw_request(), HID_DEVICE(), mousevsc_probe() and mousevsc_init() functions in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Improper locking
EUVDB-ID: #VU100834
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53093
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_add_ns_head_cdev(), nvme_mpath_alloc_disk(), nvme_mpath_set_live(), nvme_mpath_shutdown_disk() and nvme_mpath_remove_disk() functions in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Improper error handling
EUVDB-ID: #VU102204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56586
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Memory leak
EUVDB-ID: #VU101097
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53118
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsock_sk_destruct() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Input validation error
EUVDB-ID: #VU102271
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56727
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_alloc_mcam_entries() and otx2_mcam_entry_init() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Memory leak
EUVDB-ID: #VU102897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57874
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tagged_addr_ctrl_get() and tagged_addr_ctrl_set() functions in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Use-after-free
EUVDB-ID: #VU100613
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50267
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Improper Initialization
EUVDB-ID: #VU100735
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53048
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the ARRAY_SIZE() and ice_cgu_get_pin_desc() functions in drivers/net/ethernet/intel/ice/ice_ptp_hw.c, within the ice_dpll_init_worker() and ice_dpll_init_info_direct_pins() functions in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Buffer overflow
EUVDB-ID: #VU100198
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50250
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dax_unshare_iter() function in fs/dax.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Improper locking
EUVDB-ID: #VU102182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56533
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usx2y_disconnect() function in sound/usb/usx2y/usbusx2y.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Improper error handling
EUVDB-ID: #VU102209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53196
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_mmio_read_buf() and kvm_handle_mmio_return() functions in arch/arm64/kvm/mmio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Use-after-free
EUVDB-ID: #VU102912
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpumsf_pmu_stop() function in arch/s390/kernel/perf_cpum_sf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Resource management error
EUVDB-ID: #VU99168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50010
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYSCALL_DEFINE1(), EXPORT_SYMBOL() and do_open_execat() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) NULL pointer dereference
EUVDB-ID: #VU101224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53129
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vop_plane_atomic_async_check() function in drivers/gpu/drm/rockchip/rockchip_drm_vop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Memory leak
EUVDB-ID: #VU101098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_transport_recv_listen() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Memory leak
EUVDB-ID: #VU101983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56742
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5vf_add_migration_pages() function in drivers/vfio/pci/mlx5/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Resource management error
EUVDB-ID: #VU100736
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53045
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dapm_widget_list_create() function in sound/soc/soc-dapm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Use-after-free
EUVDB-ID: #VU100167
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50226
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mock_decoder_commit() function in tools/testing/cxl/test/cxl.c, within the cxl_region_invalidate_memregion(), cxl_region_decode_reset(), commit_store() and cxl_region_detach() functions in drivers/cxl/core/region.c, within the cxl_decoder_commit() and cxl_decoder_reset() functions in drivers/cxl/core/hdm.c, within the device_for_each_child_reverse() function in drivers/base/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Use-after-free
EUVDB-ID: #VU102058
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53173
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Improper locking
EUVDB-ID: #VU102178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53220
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/f2fs/segment.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Use-after-free
EUVDB-ID: #VU102051
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53185
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Improper locking
EUVDB-ID: #VU100630
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50294
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_connect_client_calls() and rxrpc_disconnect_client_call() functions in net/rxrpc/conn_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Resource management error
EUVDB-ID: #VU102231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53181
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vector_device_release() function in arch/um/drivers/vector_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Out-of-bounds read
EUVDB-ID: #VU101910
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53150
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
228) NULL pointer dereference
EUVDB-ID: #VU102925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the validate_lock_args() function in fs/dlm/lock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Memory leak
EUVDB-ID: #VU101981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56746
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Improper error handling
EUVDB-ID: #VU102207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53233
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the utf8_load() function in fs/unicode/utf8-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) NULL pointer dereference
EUVDB-ID: #VU102112
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56620
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufs_qcom_probe() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) Double free
EUVDB-ID: #VU102195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53213
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the lan78xx_probe() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Off-by-one
EUVDB-ID: #VU101919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53163
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the uof_get_name() function in drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Out-of-bounds read
EUVDB-ID: #VU102079
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56648
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Use-after-free
EUVDB-ID: #VU102027
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56640
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) NULL pointer dereference
EUVDB-ID: #VU102926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48873
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_update_6ghz_rnr_chan() function in drivers/net/wireless/realtek/rtw89/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) NULL pointer dereference
EUVDB-ID: #VU102134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53209
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_set_rx_skb_mode() and bnxt_change_mtu() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Buffer overflow
EUVDB-ID: #VU100203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50246
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Input validation error
EUVDB-ID: #VU100189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50258
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_MIN() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Buffer overflow
EUVDB-ID: #VU102968
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57850
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the jffs2_rtime_decompress() function in fs/jffs2/compr_rtime.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) NULL pointer dereference
EUVDB-ID: #VU102151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56549
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cachefiles_ondemand_fd_write_iter() and cachefiles_ondemand_fd_llseek() functions in fs/cachefiles/ondemand.c, within the cachefiles_commit_object() and cachefiles_clean_up_object() functions in fs/cachefiles/interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Out-of-bounds read
EUVDB-ID: #VU102080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56627
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) NULL pointer dereference
EUVDB-ID: #VU102486
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56778
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_hqvdp_atomic_check() function in drivers/gpu/drm/sti/sti_hqvdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Input validation error
EUVDB-ID: #VU102266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56720
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Improper error handling
EUVDB-ID: #VU100192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50256
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Input validation error
EUVDB-ID: #VU102269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56725
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_config_priority_flow_ctrl() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Memory leak
EUVDB-ID: #VU101985
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56729
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spin_lock() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Resource management error
EUVDB-ID: #VU100743
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53046
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/arm64/boot/dts/freescale/imx8ulp.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Double free
EUVDB-ID: #VU102193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56573
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the efi_handle_cmdline() function in drivers/firmware/efi/libstub/efi-stub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Improper locking
EUVDB-ID: #VU101107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53112
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) NULL pointer dereference
EUVDB-ID: #VU101104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53115
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vmw_framebuffer_surface_create_handle() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Improper locking
EUVDB-ID: #VU100184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50234
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Resource management error
EUVDB-ID: #VU102249
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53172
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_ai(), scan_fast() and ubi_attach() functions in drivers/mtd/ubi/attach.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) Use-after-free
EUVDB-ID: #VU102042
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56558
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Resource management error
EUVDB-ID: #VU102495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56787
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx8mq_soc_revision_from_atf(), imx8mq_soc_revision(), imx8mm_soc_uid(), kasprintf(), imx8_soc_init() and kfree() functions in drivers/soc/imx/soc-imx8m.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) Resource management error
EUVDB-ID: #VU102234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53184
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ubd_open_dev() function in arch/um/drivers/ubd_kern.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Improper error handling
EUVDB-ID: #VU99833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50131
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) NULL pointer dereference
EUVDB-ID: #VU100180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50255
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Improper locking
EUVDB-ID: #VU100078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50155
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() and nsim_dev_traps_init() functions in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Buffer overflow
EUVDB-ID: #VU102214
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53187
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the io_pin_pages() function in io_uring/memmap.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) Improper locking
EUVDB-ID: #VU102946
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49569
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_stop_keep_alive() function in drivers/nvme/host/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Out-of-bounds read
EUVDB-ID: #VU102082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56616
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Out-of-bounds read
EUVDB-ID: #VU101909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53147
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Division by zero
EUVDB-ID: #VU101112
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53123
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the mptcp_recvmsg() and pr_debug() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Out-of-bounds read
EUVDB-ID: #VU101912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53162
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uof_get_name() function in drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) Buffer overflow
EUVDB-ID: #VU101235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53126
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the psnet_open_pf_bar() function in drivers/vdpa/solidrun/snet_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Buffer overflow
EUVDB-ID: #VU100733
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) Memory leak
EUVDB-ID: #VU102004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53210
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iucv_sock_recvmsg() function in net/iucv/af_iucv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) Improper locking
EUVDB-ID: #VU99827
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50138
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_ringbuf_alloc() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) Double free
EUVDB-ID: #VU101108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53105
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the __page_cache_release() function in mm/swap.c, within the free_pages_prepare() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Memory leak
EUVDB-ID: #VU101992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56644
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) NULL pointer dereference
EUVDB-ID: #VU99816
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50105
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sc7280_snd_shutdown() and sc7280_snd_startup() functions in sound/soc/qcom/sc7280.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Improper locking
EUVDB-ID: #VU100128
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50207
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_subbuf_order_set() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Integer underflow
EUVDB-ID: #VU101924
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53158
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) Use-after-free
EUVDB-ID: #VU100169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50261
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macsec_free_netdev() function in drivers/net/macsec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Use-after-free
EUVDB-ID: #VU102013
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56693
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Input validation error
EUVDB-ID: #VU102995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41935
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __grab_extent_tree(), __destroy_extent_node(), __update_extent_tree_range(), write_unlock(), __shrink_extent_tree(), f2fs_shrink_age_extent_tree(), f2fs_destroy_extent_node() and __drop_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Improper locking
EUVDB-ID: #VU101227
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53128
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/linux/sched/task_stack.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Improper error handling
EUVDB-ID: #VU99831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50116
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Use of uninitialized resource
EUVDB-ID: #VU100084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50143
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Resource management error
EUVDB-ID: #VU104074
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21702
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Resource management error
EUVDB-ID: #VU100739
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53072
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amd_pmc_s2d_init() function in drivers/platform/x86/amd/pmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) Improper locking
EUVDB-ID: #VU100939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53100
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_tcp_get_address() function in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) NULL pointer dereference
EUVDB-ID: #VU94961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42122
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Use-after-free
EUVDB-ID: #VU100706
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50303
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the walk_system_ram_res_rev() function in kernel/resource.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) Use-after-free
EUVDB-ID: #VU99805
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50124
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ISO_CONN_TIMEOUT(), iso_sock_timeout() and iso_conn_del() functions in net/bluetooth/iso.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) Use-after-free
EUVDB-ID: #VU102021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Buffer overflow
EUVDB-ID: #VU102213
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56557
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __aligned() function in drivers/iio/adc/ad7923.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Use of uninitialized resource
EUVDB-ID: #VU100731
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53083
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the qcom_pmic_typec_pdphy_pd_transmit_payload() function in drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Input validation error
EUVDB-ID: #VU100631
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) Improper locking
EUVDB-ID: #VU102168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cq_thread_v3_hw() function in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) NULL pointer dereference
EUVDB-ID: #VU100626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50296
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) Resource management error
EUVDB-ID: #VU100644
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50275
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) NULL pointer dereference
EUVDB-ID: #VU102101
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56698
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_prepare_trbs_sg() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) Improper locking
EUVDB-ID: #VU100185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50245
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) Improper error handling
EUVDB-ID: #VU100238
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50263
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dup_mmap() and vma_iter_free() functions in kernel/fork.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
297) Use-after-free
EUVDB-ID: #VU102025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Input validation error
EUVDB-ID: #VU100188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Improper error handling
EUVDB-ID: #VU102205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56579
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) Memory leak
EUVDB-ID: #VU100161
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50231
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) Resource management error
EUVDB-ID: #VU100646
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50295
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) NULL pointer dereference
EUVDB-ID: #VU102109
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56611
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the migrate_to_node() function in mm/mempolicy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) NULL pointer dereference
EUVDB-ID: #VU102097
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56689
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_mhi_bind() function in drivers/pci/endpoint/functions/pci-epf-mhi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) Use-after-free
EUVDB-ID: #VU100064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50159
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the scmi_debugfs_common_setup() function in drivers/firmware/arm_scmi/driver.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) NULL pointer dereference
EUVDB-ID: #VU102928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53680
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) Use-after-free
EUVDB-ID: #VU102039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56551
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_vce_sw_fini() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c, within the amdgpu_device_fini_sw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) Memory leak
EUVDB-ID: #VU101979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) Improper locking
EUVDB-ID: #VU100186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50249
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Use-after-free
EUVDB-ID: #VU102061
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53168
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) Memory leak
EUVDB-ID: #VU101993
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_stop_keep_alive() function in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) NULL pointer dereference
EUVDB-ID: #VU100713
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
312) Out-of-bounds read
EUVDB-ID: #VU94836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
313) Memory leak
EUVDB-ID: #VU101099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53121
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lookup_fte_locked() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
314) NULL pointer dereference
EUVDB-ID: #VU100070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50145
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the octep_oq_next_pkt() and __octep_oq_process_rx() functions in drivers/net/ethernet/marvell/octeon_ep/octep_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
315) Integer overflow
EUVDB-ID: #VU100732
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53081
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the calc_pll() function in drivers/media/i2c/ar0521.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
316) Out-of-bounds read
EUVDB-ID: #VU100066
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50151
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
317) Resource management error
EUVDB-ID: #VU102492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56781
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fixup_device_tree_chrp(), fixup_device_tree_pmac() and fixup_device_tree() functions in arch/powerpc/kernel/prom_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
318) Memory leak
EUVDB-ID: #VU99801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50110
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_to_user_auth() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
319) Buffer overflow
EUVDB-ID: #VU101927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53148
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
320) Division by zero
EUVDB-ID: #VU102216
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56567
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
321) Resource management error
EUVDB-ID: #VU102228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56641
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smc_sk_init(), smc_connect_rdma(), smc_connect_ism() and smc_listen_work() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
322) Use-after-free
EUVDB-ID: #VU102063
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53208
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_set_powered_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
323) Use-after-free
EUVDB-ID: #VU102022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
324) Resource management error
EUVDB-ID: #VU102974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52332
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the igb_init_module() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
325) Memory leak
EUVDB-ID: #VU102476
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the restore_planes_and_stream_state() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
326) Out-of-bounds read
EUVDB-ID: #VU102081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_write() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
327) NULL pointer dereference
EUVDB-ID: #VU102096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xs_sock_reset_state_flags() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
328) Improper error handling
EUVDB-ID: #VU102208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53215
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the svc_rdma_proc_init() function in net/sunrpc/xprtrdma/svc_rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
329) Input validation error
EUVDB-ID: #VU102496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56783
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_socket_cgroup_subtree_level() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
330) NULL pointer dereference
EUVDB-ID: #VU99814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50103
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
331) NULL pointer dereference
EUVDB-ID: #VU102142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53226
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
332) Buffer overflow
EUVDB-ID: #VU100638
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50282
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
333) Input validation error
EUVDB-ID: #VU102265
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56755
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/netfs/fscache_volume.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
334) Out-of-bounds read
EUVDB-ID: #VU100618
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50268
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
335) Improper locking
EUVDB-ID: #VU100628
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50271
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c, within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
336) Memory leak
EUVDB-ID: #VU100702
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
337) Improper locking
EUVDB-ID: #VU102164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56610
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), kcsan_skip_report_debugfs(), set_report_filterlist_whitelist(), insert_report_filterlist() and show_info() functions in kernel/kcsan/debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
338) Resource management error
EUVDB-ID: #VU102245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the geneve_xmit_skb() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
339) NULL pointer dereference
EUVDB-ID: #VU96853
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44955
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_mst_connector_early_unregister(), dm_dp_mst_detect() and is_dsc_need_re_compute() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
340) Use-after-free
EUVDB-ID: #VU102023
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
341) Improper locking
EUVDB-ID: #VU102157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56694
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_strp_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
342) Out-of-bounds read
EUVDB-ID: #VU102076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn21_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
343) Resource management error
EUVDB-ID: #VU102229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56576
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
344) Input validation error
EUVDB-ID: #VU102184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56692
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the truncate_node() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
345) Resource management error
EUVDB-ID: #VU102225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56723
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
346) Double free
EUVDB-ID: #VU102194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53191
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ath12k_dp_free() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
347) Use-after-free
EUVDB-ID: #VU102010
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56677
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the setup_arch() function in arch/powerpc/kernel/setup-common.c, within the fadump_cma_init() and fadump_reserve_mem() functions in arch/powerpc/kernel/fadump.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
348) Improper locking
EUVDB-ID: #VU102948
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_map_block() function in fs/btrfs/volumes.c, within the btrfs_dev_replace_start() and list_add() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
349) Buffer overflow
EUVDB-ID: #VU101119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53106
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ima_eventdigest_init_common() function in security/integrity/ima/ima_template_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
350) Use-after-free
EUVDB-ID: #VU102012
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56678
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
351) NULL pointer dereference
EUVDB-ID: #VU100623
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
352) Buffer overflow
EUVDB-ID: #VU100140
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50206
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mtk_init_fq_dma() function in drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
353) Memory leak
EUVDB-ID: #VU100055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50170
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcmasp_xmit() function in drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
354) Improper locking
EUVDB-ID: #VU102160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
355) Input validation error
EUVDB-ID: #VU102275
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56707
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_dmacflt_do_add() and otx2_dmacflt_update() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
356) NULL pointer dereference
EUVDB-ID: #VU102117
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56649
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
357) Memory leak
EUVDB-ID: #VU100053
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50167
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
358) Resource management error
EUVDB-ID: #VU102226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56691
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the wcove_typec_probe() function in drivers/usb/typec/tcpm/wcove.c, within the ARRAY_SIZE(), bxtwc_add_chained_irq_chip() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
359) Input validation error
EUVDB-ID: #VU102276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56683
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vc4_hdmi_debugfs_regs() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
360) Improper locking
EUVDB-ID: #VU100720
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53052
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
361) Memory leak
EUVDB-ID: #VU101980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56747
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
362) NULL pointer dereference
EUVDB-ID: #VU102924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pr_fmt(), pinmux_can_be_used_for_gpio(), pin_request(), pin_free(), pinmux_enable_setting(), pinmux_disable_setting() and pinmux_pins_show() functions in drivers/pinctrl/pinmux.c, within the pinctrl_register_one_pin() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
363) Resource management error
EUVDB-ID: #VU102252
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56543
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ath12k_mac_peer_cleanup_all() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
364) NULL pointer dereference
EUVDB-ID: #VU102125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
365) Improper locking
EUVDB-ID: #VU100726
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53085
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
366) Resource management error
EUVDB-ID: #VU99836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50136
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlx5_eswitch_enable_locked() function in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
367) Memory leak
EUVDB-ID: #VU102477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56779
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
368) Integer overflow
EUVDB-ID: #VU101110
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53111
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mm/mremap.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
369) Use-after-free
EUVDB-ID: #VU101223
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53139
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_v6_available() function in net/sctp/ipv6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
370) Double free
EUVDB-ID: #VU102192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
371) Memory leak
EUVDB-ID: #VU101982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56745
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the reset_method_store() function in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
372) Resource management error
EUVDB-ID: #VU102251
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53234
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the z_erofs_load_compact_lcluster() and z_erofs_get_extent_decompressedlen() functions in fs/erofs/zmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
373) Incorrect calculation
EUVDB-ID: #VU101234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53138
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tx_sync_info_get(), mlx5e_ktls_tx_handle_resync_dump_comp() and mlx5e_ktls_tx_handle_ooo() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
374) Use-after-free
EUVDB-ID: #VU99809
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50130
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_hook_run_bpf(), bpf_nf_link_release() and bpf_nf_link_attach() functions in net/netfilter/nf_bpf_link.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
375) NULL pointer dereference
EUVDB-ID: #VU102927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
376) Integer overflow
EUVDB-ID: #VU101109
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53107
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the pagemap_scan_get_args() function in fs/proc/task_mmu.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
377) Use-after-free
EUVDB-ID: #VU102066
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_do_shutdown() function in fs/f2fs/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
378) Use-after-free
EUVDB-ID: #VU102017
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56602
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
379) Improper locking
EUVDB-ID: #VU102180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56531
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
380) NULL pointer dereference
EUVDB-ID: #VU101913
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53154
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the applnco_probe() function in drivers/clk/clk-apple-nco.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
381) Improper locking
EUVDB-ID: #VU102181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56532
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_us122l_disconnect() function in sound/usb/usx2y/us122l.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
382) NULL pointer dereference
EUVDB-ID: #VU101225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
383) Double free
EUVDB-ID: #VU100190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50215
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvmet_setup_dhgroup() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
384) NULL pointer dereference
EUVDB-ID: #VU100072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50147
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_cmd_comp_handler(), mlx5_cmd_trigger_completions() and mlx5_cmd_enable() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
385) Improper locking
EUVDB-ID: #VU102166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56607
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_mac_op_set_bitrate_mask() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
386) Reachable assertion
EUVDB-ID: #VU99829
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50137
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the jh71x0_reset_status() function in drivers/reset/starfive/reset-starfive-jh71x0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
387) Infinite loop
EUVDB-ID: #VU102971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47794
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the bpf_attach_type_to_tramp(), __bpf_trampoline_link_prog(), __bpf_trampoline_unlink_prog(), bpf_shim_tramp_link_release() and bpf_trampoline_link_cgroup_shim() functions in kernel/bpf/trampoline.c, within the bpf_tracing_link_release() and bpf_tracing_prog_attach() functions in kernel/bpf/syscall.c, within the bpf_prog_alloc_no_stats() function in kernel/bpf/core.c, within the prog_fd_array_get_ptr() function in kernel/bpf/arraymap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
388) Out-of-bounds read
EUVDB-ID: #VU100067
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50158
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_re_ib_get_hw_stats() function in drivers/infiniband/hw/bnxt_re/hw_counters.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
389) NULL pointer dereference
EUVDB-ID: #VU100178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50239
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_legacy_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
390) Integer underflow
EUVDB-ID: #VU102210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56645
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
391) Use-after-free
EUVDB-ID: #VU102059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53171
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
392) Improper locking
EUVDB-ID: #VU102167
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56592
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the htab_elem_free(), free_htab_elem(), alloc_htab_elem(), htab_map_update_elem(), htab_map_delete_elem() and prealloc_lru_pop() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
393) Use-after-free
EUVDB-ID: #VU102478
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56772
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kunit_debugfs_create_suite() function in lib/kunit/debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
394) Out-of-bounds read
EUVDB-ID: #VU100621
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50288
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vid_cap_start_streaming() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c, within the vivid_vid_cap_s_ctrl() function in drivers/media/test-drivers/vivid/vivid-ctrls.c, within the vivid_create_queue() function in drivers/media/test-drivers/vivid/vivid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
395) NULL pointer dereference
EUVDB-ID: #VU100073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50156
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_disp_state_dump_regs() and msm_disp_state_print() functions in drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
396) Improper Initialization
EUVDB-ID: #VU102222
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53180
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the snd_pcm_mmap_data_fault() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
397) Race condition
EUVDB-ID: #VU102220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53169
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the EXPORT_SYMBOL_GPL() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
398) NULL pointer dereference
EUVDB-ID: #VU102115
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56634
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the grgpio_probe() function in drivers/gpio/gpio-grgpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
399) Input validation error
EUVDB-ID: #VU102272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56728
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_get_pauseparam() and otx2_set_fecparam() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
400) Input validation error
EUVDB-ID: #VU102268
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56722
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the free_srqc() function in drivers/infiniband/hw/hns/hns_roce_srq.c, within the hns_roce_mr_free() function in drivers/infiniband/hw/hns/hns_roce_mr.c, within the set_rwqe_data_seg(), free_mr_modify_rsv_qp(), free_mr_post_send_lp_wqe(), free_mr_send_cmd_to_hw(), hns_roce_v2_set_abs_fields(), hns_roce_v2_modify_qp(), hns_roce_v2_query_qp(), hns_roce_v2_destroy_qp_common(), hns_roce_v2_destroy_qp(), hns_roce_v2_modify_cq() and hns_roce_v2_query_cqc() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c, within the hns_roce_table_put() function in drivers/infiniband/hw/hns/hns_roce_hem.c, within the free_cqc() function in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
401) Buffer overflow
EUVDB-ID: #VU100148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50209
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
402) NULL pointer dereference
EUVDB-ID: #VU102106
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56588
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the debugfs_to_reg_name_v3_hw(), debugfs_global_v3_hw_show(), debugfs_axi_v3_hw_show(), debugfs_ras_v3_hw_show(), debugfs_port_v3_hw_show(), debugfs_cq_v3_hw_show(), debugfs_dq_show_slot_v3_hw(), debugfs_iost_v3_hw_show(), debugfs_iost_cache_v3_hw_show(), debugfs_itct_v3_hw_show(), debugfs_itct_cache_v3_hw_show(), debugfs_create_files_v3_hw(), debugfs_release_v3_hw(), debugfs_snapshot_regs_v3_hw(), debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
403) Memory leak
EUVDB-ID: #VU100936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53096
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_munmap(), mmap_region(), vma_set_page_prot() and vms_abort_munmap_vmas() functions in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
404) Use-after-free
EUVDB-ID: #VU102075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56548
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
405) Use-after-free
EUVDB-ID: #VU102048
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53166
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_choose_req(), bfqq_request_over_limit() and bfq_limit_depth() functions in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
406) NULL pointer dereference
EUVDB-ID: #VU102482
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56773
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kunit_device_driver_test() function in lib/kunit/kunit-test.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
407) NULL pointer dereference
EUVDB-ID: #VU102124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56575
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
408) Out-of-bounds read
EUVDB-ID: #VU102078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
409) Use-after-free
EUVDB-ID: #VU99808
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50127
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
410) Improper locking
EUVDB-ID: #VU102153
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56744
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the system_going_down() and f2fs_handle_critical_error() functions in fs/f2fs/super.c, within the f2fs_stop_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
411) Use-after-free
EUVDB-ID: #VU102074
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56546
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xlnx_add_cb_for_suspend() function in drivers/soc/xilinx/xlnx_event_manager.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
412) Use-after-free
EUVDB-ID: #VU100062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
413) Memory leak
EUVDB-ID: #VU102005
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53202
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fw_log_firmware_info() function in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
414) NULL pointer dereference
EUVDB-ID: #VU102487
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56782
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_quirk_skip_serdev_enumeration() function in drivers/acpi/x86/utils.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
415) Buffer overflow
EUVDB-ID: #VU100641
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50270
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the damon_feed_loop_next_input() function in mm/damon/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
416) NULL pointer dereference
EUVDB-ID: #VU101914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53157
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
417) Input validation error
EUVDB-ID: #VU100206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50243
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ni_find_attr() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
418) Resource management error
EUVDB-ID: #VU102243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56583
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the enqueue_dl_entity() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
419) Use-after-free
EUVDB-ID: #VU102070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53239
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
420) Out-of-bounds read
EUVDB-ID: #VU106651
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21993
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
421) Use-after-free
EUVDB-ID: #VU102018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56603
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
422) NULL pointer dereference
EUVDB-ID: #VU102114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56629
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
423) Improper locking
EUVDB-ID: #VU101228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53135
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
424) Improper locking
EUVDB-ID: #VU102154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
425) Use-after-free
EUVDB-ID: #VU100615
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50283
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
426) NULL pointer dereference
EUVDB-ID: #VU102105
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56580
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the camss_configure_pd() function in drivers/media/platform/qcom/camss/camss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
427) Improper locking
EUVDB-ID: #VU100080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50169
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtio_transport_read_skb() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
428) NULL pointer dereference
EUVDB-ID: #VU102483
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56774
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
429) Improper locking
EUVDB-ID: #VU100718
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53042
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
430) Use-after-free
EUVDB-ID: #VU102067
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
431) Improper locking
EUVDB-ID: #VU100723
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53067
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_add_lus() and ufshcd_device_init() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
432) NULL pointer dereference
EUVDB-ID: #VU100175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50224
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dspi_setup() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
433) Out-of-bounds read
EUVDB-ID: #VU100172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50247
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
434) Division by zero
EUVDB-ID: #VU101111
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53122
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the mptcp_rcv_space_adjust() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
435) Improper locking
EUVDB-ID: #VU100833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_deferred_free_worker(), afs_alloc_call(), afs_put_call(), afs_wake_up_call_waiter() and afs_wake_up_async_call() functions in fs/afs/rxrpc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
436) NULL pointer dereference
EUVDB-ID: #VU102131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53221
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_f2fs_fs(), f2fs_destroy_post_read_processing() and exit_f2fs_fs() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
437) NULL pointer dereference
EUVDB-ID: #VU100071
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50146
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _mlx5e_remove() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
438) NULL pointer dereference
EUVDB-ID: #VU102132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53219
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c, within the fuse_read_args_fill(), fuse_release_user_pages(), fuse_aio_complete_req(), fuse_get_frag_size(), fuse_get_user_pages() and fuse_direct_io() functions in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
439) Use of uninitialized resource
EUVDB-ID: #VU101347
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53142
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
440) Input validation error
EUVDB-ID: #VU102280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56570
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
441) Improper locking
EUVDB-ID: #VU102170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56566
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_slab(), slab_fix() and alloc_single_from_partial() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
442) Improper locking
EUVDB-ID: #VU100076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50140
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the task_work_add() function in kernel/task_work.c, within the task_tick_mm_cid() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
443) NULL pointer dereference
EUVDB-ID: #VU102484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sti_cursor_atomic_check() function in drivers/gpu/drm/sti/sti_cursor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
444) Division by zero
EUVDB-ID: #VU100639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50287
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
445) Integer overflow
EUVDB-ID: #VU101923
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53161
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
446) Use of uninitialized resource
EUVDB-ID: #VU100636
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50300
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rtq2208_probe() function in drivers/regulator/rtq2208-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
447) Race condition within a thread
EUVDB-ID: #VU101926
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53160
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the krc_count(), schedule_delayed_monitor_work() and kvfree_call_rcu() functions in kernel/rcu/tree.c. A local user can corrupt data.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
448) Buffer overflow
EUVDB-ID: #VU100139
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
449) NULL pointer dereference
EUVDB-ID: #VU102133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
450) Use of uninitialized resource
EUVDB-ID: #VU100195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50244
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
451) Input validation error
EUVDB-ID: #VU100747
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53043
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
452) Use-after-free
EUVDB-ID: #VU100614
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
453) Race condition
EUVDB-ID: #VU102219
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56637
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
454) Memory leak
EUVDB-ID: #VU101096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53117
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_transport_send_pkt_info() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
455) Improper locking
EUVDB-ID: #VU102158
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56701
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dtl_worker_enable() and dtl_worker_disable() functions in arch/powerpc/platforms/pseries/lpar.c, within the dtl_enable() and dtl_disable() functions in arch/powerpc/platforms/pseries/dtl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
456) Buffer overflow
EUVDB-ID: #VU100648
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50291
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dvb_vb2_querybuf() function in drivers/media/dvb-core/dvb_vb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
457) Improper error handling
EUVDB-ID: #VU99832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50120
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smb3_reconfigure() function in fs/smb/client/fs_context.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
458) Use of uninitialized resource
EUVDB-ID: #VU100940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
459) Memory leak
EUVDB-ID: #VU100160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50220
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mmap_write_unlock() function in kernel/fork.c, within the dup_userfaultfd_complete() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
460) Use-after-free
EUVDB-ID: #VU102043
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56561
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in drivers/pci/endpoint/pci-epc-core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-gcp-6.8 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp-64k (Ubuntu package): before 6.8.0-1028.30~22.04.1
linux-image-6.8.0-1028-gcp (Ubuntu package): before 6.8.0-1028.30~22.04.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6_8_0-1028-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7452-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
