Ubuntu update for linux-azure-nvidia

1) Improper access control

EUVDB-ID: #VU97651

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8805

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU104094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0927

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Exposure of Sensitive System Information to an Unauthorized Control Sphere

EUVDB-ID: #VU107628

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-2312

CWE-ID: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exist due to cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments when trying to obtain Kerberos credentials. A local user can gain access to sensitive information.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU102013

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56693

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU98909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49928

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/realtek/rtw89/core.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU98856

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47728

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU100119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50197

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_platform_pinctrl_prepare_community() function in drivers/pinctrl/intel/pinctrl-intel-platform.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU99441

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50084

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU102101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56698

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_prepare_trbs_sg() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU102023

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU100139

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50203

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU102480

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_link_inc() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU102006

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53198

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU99019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU101096

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53117

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtio_transport_send_pkt_info() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU99196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50023

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU102044

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU102033

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56658

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU102096

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xs_sock_reset_state_flags() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU102125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56574

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU102261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56690

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Integer underflow

EUVDB-ID: #VU101924

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53158

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU102485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56777

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sti_gdp_atomic_check() function in drivers/gpu/drm/sti/sti_gdp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU102045

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56582

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU102114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56629

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU98999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50041

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU99807

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50126

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU102270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56726

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cn10k_alloc_leaf_profile() function in drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU100176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50225

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_bio_init() and __btrfs_bio_end_io() functions in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Reachable assertion

EUVDB-ID: #VU100132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50200

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU100938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53099

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bpf_link_show_fdinfo() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU101912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53162

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the uof_get_name() function in drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU102936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57876

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU102012

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56678

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU102484

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56776

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sti_cursor_atomic_check() function in drivers/gpu/drm/sti/sti_cursor.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Integer overflow

EUVDB-ID: #VU101922

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53151

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the xdr_check_write_chunk() function in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c. A local user can execute arbitrary code.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU102024

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56631

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU100074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50160

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

53) Buffer overflow

EUVDB-ID: #VU101235

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53126

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the psnet_open_pf_bar() function in drivers/vdpa/solidrun/snet_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU100066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50151

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Resource management error

EUVDB-ID: #VU99148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49927

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU102948

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_map_block() function in fs/btrfs/volumes.c, within the btrfs_dev_replace_start() and list_add() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU100627

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Buffer overflow

EUVDB-ID: #VU101927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53148

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Race condition within a thread

EUVDB-ID: #VU101926

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53160

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the krc_count(), schedule_delayed_monitor_work() and kvfree_call_rcu() functions in kernel/rcu/tree.c. A local user can corrupt data.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU99457

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/x86/include/asm/nospec-branch.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU102008

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU102244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56625

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU96853

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44955

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_mst_connector_early_unregister(), dm_dp_mst_detect() and is_dsc_need_re_compute() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU102924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47141

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pr_fmt(), pinmux_can_be_used_for_gpio(), pin_request(), pin_free(), pinmux_enable_setting(), pinmux_disable_setting() and pinmux_pins_show() functions in drivers/pinctrl/pinmux.c, within the pinctrl_register_one_pin() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper error handling

EUVDB-ID: #VU99061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50048

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU100185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU102017

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56602

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU102068

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the calc_rtx(), s390_domain_free(), s390_iommu_attach_device(), s390_iommu_probe_device(), s390_iommu_unmap_pages() and s390_iommu_init() functions in drivers/iommu/s390-iommu.c, within the pci_fmb_show() function in arch/s390/pci/pci_debug.c, within the zpci_fmb_enable_device() function in arch/s390/pci/pci.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper error handling

EUVDB-ID: #VU100634

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50284

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU101224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53129

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vop_plane_atomic_async_check() function in drivers/gpu/drm/rockchip/rockchip_drm_vop.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Resource management error

EUVDB-ID: #VU102224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56724

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU101993

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56632

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvme_stop_keep_alive() function in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU102142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53226

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Double free

EUVDB-ID: #VU102193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56573

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the efi_handle_cmdline() function in drivers/firmware/efi/libstub/efi-stub.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU100168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50257

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use of uninitialized resource

EUVDB-ID: #VU100636

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50300

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the rtq2208_probe() function in drivers/regulator/rtq2208-regulator.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU100060

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50152

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_set_ea() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper error handling

EUVDB-ID: #VU102208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53215

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the svc_rdma_proc_init() function in net/sunrpc/xprtrdma/svc_rdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU100646

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50295

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU99835

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50111

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_ale() and die_if_kernel() functions in arch/loongarch/kernel/traps.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use-after-free

EUVDB-ID: #VU98886

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49865

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xe_vm_create_ioctl() function in drivers/gpu/drm/xe/xe_vm.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU98900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU102117

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56649

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Division by zero

EUVDB-ID: #VU102216

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56567

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU100061

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50153

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Input validation error

EUVDB-ID: #VU100836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/net/tls.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Input validation error

EUVDB-ID: #VU102184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56692

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the truncate_node() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Resource management error

EUVDB-ID: #VU102983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41932

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __sched_setaffinity() function in kernel/sched/syscalls.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU102078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56650

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Integer underflow

EUVDB-ID: #VU102210

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56645

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU101225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53130

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU99290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50066

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the move_normal_pmd() function in mm/mremap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper error handling

EUVDB-ID: #VU99064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50020

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU98944

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49998

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper locking

EUVDB-ID: #VU102160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56594

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU102080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56627

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Memory leak

EUVDB-ID: #VU100160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50220

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mmap_write_unlock() function in kernel/fork.c, within the dup_userfaultfd_complete() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Double free

EUVDB-ID: #VU102195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53213

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the lan78xx_probe() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Resource management error

EUVDB-ID: #VU102249

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53172

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the alloc_ai(), scan_fast() and ubi_attach() functions in drivers/mtd/ubi/attach.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU100123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU100710

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the intel_hdcp_read_valid_bksv() function in drivers/gpu/drm/i915/display/intel_hdcp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU100614

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Buffer overflow

EUVDB-ID: #VU102214

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53187

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the io_pin_pages() function in io_uring/memmap.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Resource management error

EUVDB-ID: #VU99836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50136

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlx5_eswitch_enable_locked() function in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Use-after-free

EUVDB-ID: #VU102021

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper locking

EUVDB-ID: #VU102489

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dquot_writeback_dquots() function in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU102035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56672

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blkcg_unpin_online() function in block/blk-cgroup.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Race condition

EUVDB-ID: #VU102219

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56637

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper locking

EUVDB-ID: #VU99018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.

Ubuntu: 24.04

linux-image-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

linux-image-6.8.0-1014-azure-nvidia (Ubuntu package): before 6.8.0-1014.15

• cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-6_8_0-1014-azure-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*

https://ubuntu.com/security/notices/USN-7468-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Resource management error

EUVDB-ID: #VU102241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56752

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gf100_gr_chan_new() function in drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-azure-nvidia to the latest version.