Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 150 |
CVE-ID | CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2024-21823 CVE-2024-23849 CVE-2024-24860 CVE-2023-52598 CVE-2023-52676 CVE-2023-52609 CVE-2024-26620 CVE-2023-52487 CVE-2023-52465 CVE-2023-52473 CVE-2023-52467 CVE-2024-26583 CVE-2023-52669 CVE-2023-52664 CVE-2023-52449 CVE-2023-52614 CVE-2024-26595 CVE-2023-52611 CVE-2023-52696 CVE-2023-52591 CVE-2023-52491 CVE-2024-35839 CVE-2023-52679 CVE-2024-26607 CVE-2023-52587 CVE-2023-52469 CVE-2023-52608 CVE-2023-52617 CVE-2023-52698 CVE-2024-26673 CVE-2024-35835 CVE-2024-26808 CVE-2024-26668 CVE-2023-52626 CVE-2023-52621 CVE-2024-35837 CVE-2023-52489 CVE-2023-52597 CVE-2024-26649 CVE-2024-26615 CVE-2024-35838 CVE-2023-52693 CVE-2023-52497 CVE-2024-35842 CVE-2024-26618 CVE-2024-26610 CVE-2024-26631 CVE-2024-26644 CVE-2024-26627 CVE-2023-52677 CVE-2023-52472 CVE-2023-52627 CVE-2023-52486 CVE-2023-52632 CVE-2023-52494 CVE-2023-52468 CVE-2024-26634 CVE-2023-52588 CVE-2024-26646 CVE-2024-26584 CVE-2023-52443 CVE-2023-52691 CVE-2024-26612 CVE-2023-52595 CVE-2024-26592 CVE-2024-26623 CVE-2023-52492 CVE-2024-26670 CVE-2023-52583 CVE-2023-52681 CVE-2023-52635 CVE-2023-52457 CVE-2023-52445 CVE-2024-26629 CVE-2024-26594 CVE-2023-52675 CVE-2023-52488 CVE-2023-52446 CVE-2024-26625 CVE-2023-52697 CVE-2023-52453 CVE-2023-52498 CVE-2023-52686 CVE-2023-52593 CVE-2023-52612 CVE-2023-52687 CVE-2023-52470 CVE-2023-52455 CVE-2023-52444 CVE-2024-26608 CVE-2024-26633 CVE-2024-26645 CVE-2023-52451 CVE-2023-52456 CVE-2024-26640 CVE-2023-52670 CVE-2023-52589 CVE-2024-26598 CVE-2024-35841 CVE-2024-26647 CVE-2024-26636 CVE-2023-52680 CVE-2023-52616 CVE-2023-52685 CVE-2024-26582 CVE-2024-26638 CVE-2023-52694 CVE-2024-35840 CVE-2023-52448 CVE-2023-52623 CVE-2023-52462 CVE-2023-52452 CVE-2024-26641 CVE-2023-52683 CVE-2023-52682 CVE-2023-52594 CVE-2023-52490 CVE-2023-52493 CVE-2023-52633 CVE-2023-52606 CVE-2024-26669 CVE-2023-52584 CVE-2024-26585 CVE-2023-52610 CVE-2023-52672 CVE-2023-52450 CVE-2023-52666 CVE-2023-52458 CVE-2023-52622 CVE-2023-52674 CVE-2023-52619 CVE-2024-26586 CVE-2023-52667 CVE-2024-26616 CVE-2023-52463 CVE-2024-26632 CVE-2023-52447 CVE-2023-52692 CVE-2023-52678 CVE-2023-52607 CVE-2023-52618 CVE-2023-52464 CVE-2024-26671 CVE-2023-52599 CVE-2023-52454 CVE-2023-52495 CVE-2023-52690 |
CWE-ID | CWE-476 CWE-502 CWE-193 CWE-362 CWE-399 CWE-190 CWE-20 CWE-125 CWE-415 CWE-119 CWE-667 CWE-416 CWE-401 CWE-825 CWE-617 CWE-908 CWE-254 CWE-200 CWE-400 CWE-366 CWE-388 CWE-682 CWE-835 CWE-665 CWE-824 CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-laptop-23.10 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1017-laptop (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 150 vulnerabilities.
EUVDB-ID: #VU85854
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85853
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6535
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85852
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89676
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21823
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23849
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86580
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24860
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93061
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52676
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the check_ptr_to_map_access() and check_stack_access_within_bounds() functions in kernel/bpf/verifier.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91484
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94143
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26620
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vfio_ap_mdev_filter_cdoms(), vfio_ap_mdev_filter_matrix(), assign_adapter_store(), assign_domain_store(), vfio_ap_mdev_probe_queue() and vfio_ap_on_cfg_changed() functions in drivers/s390/crypto/vfio_ap_ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90625
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52487
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90654
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52465
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_probe() function in drivers/power/supply/qcom_pmi8998_charger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90656
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52473
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the device_del() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89236
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52467
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the of_syscon_register() function in drivers/mfd/syscon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90893
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52664
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aq_vec_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_vec.c, within the aq_get_rxpages(), aq_ring_alloc(), aq_ring_rx_alloc() and aq_ring_hwts_rx_alloc() functions in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87742
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87369
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26595
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the spectrum_acl_tcam() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93161
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52611
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtw_sdio_get_tx_addr() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90228
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93386
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35839
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_reject_fill_skb_dst() and nf_send_reset() functions in net/ipv4/netfilter/nf_reject_ipv4.c, within the br_nf_pre_routing_finish_ipv6() function in net/bridge/br_netfilter_ipv6.c, within the br_nf_pre_routing_finish_bridge(), br_nf_ipv4_daddr_was_changed(), bridge_parent_rtable(), skb_dst_set_noref(), setup_pre_routing(), br_nf_forward_finish(), ip_sabotage_in() and br_nf_pre_routing_finish_bridge_slow() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52679
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90640
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91541
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52608
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52617
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89982
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52698
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90923
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93809
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91401
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlx5e_ptp_handle_ts_cqe() function in drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52621
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93435
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35837
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89388
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52489
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92172
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26649
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfx_v10_0_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91346
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35838
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sta_info_free() function in net/mac80211/sta_info.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91678
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93097
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90551
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35842
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_sof_dai_link_fixup() function in sound/soc/mediatek/common/mtk-dsp-sof-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91654
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26618
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fpsimd_release_task() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91436
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26631
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91535
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26627
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93679
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ALIGN() function in arch/riscv/kernel/vmlinux.lds.S, within the INIT_TEXT_SECTION() function in arch/riscv/kernel/vmlinux-xip.lds.S, within the is_kernel_exittext() and patch_map() functions in arch/riscv/kernel/patch.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52472
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rsa_check_exponent_fips() function in crypto/rsa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52627
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90801
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91534
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52632
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mutex_unlock() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52494
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90260
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52468
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the class_register() function in drivers/base/class.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93655
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26634
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the default_device_exit_net() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93647
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52588
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91204
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26646
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hfi_parse_features() and intel_hfi_init() functions in drivers/thermal/intel/intel_hfi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52443
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90921
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52691
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92991
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26612
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL() function in fs/fscache/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86812
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26592
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in
ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90630
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26623
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pdsc_setup(), pdsc_stop() and pdsc_fw_down() functions in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pds_core_intr_credits(), pdsc_adminq_isr(), pdsc_adminq_post() and queue_work() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93299
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26670
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93768
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52681
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efivarfs_init_fs_context() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89242
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52457
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the omap8250_remove() function in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87745
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26629
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86813
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling SMB2 Mech Tokens. A remote attacker can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90263
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52446
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_free_deferred() and bpf_map_put() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87344
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94127
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52697
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sof_sdw_rt_sdca_jack_exit() function in sound/soc/intel/boards/sof_sdw_rt_sdca_jack_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93167
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52453
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hisi_acc_vf_resume_write() and hisi_acc_vf_save_read() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90800
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90629
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90945
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52687
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the safexcel_send_req() function in drivers/crypto/inside-secure/safexcel_cipher.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93166
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52455
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the of_iommu_get_resv_regions() function in drivers/iommu/of_iommu.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90918
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52444
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90341
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93762
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88891
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52451
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52456
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the imx_uart_stop_tx() function in drivers/tty/serial/imx.c. A local user can crash the OS kernel.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52670
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91540
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rkisp1_isp_stop() function in drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c, within the rkisp1_csi_disable() function in drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90262
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93064
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35841
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26647
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the link_set_dsc_pps_packet() function in drivers/gpu/drm/amd/display/dc/link/link_dpms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93618
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52680
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the scarlett2_sync_ctl_get(), scarlett2_master_volume_ctl_get(), scarlett2_volume_ctl_get(), scarlett2_mute_ctl_get(), scarlett2_level_enum_ctl_get(), scarlett2_pad_ctl_get(), scarlett2_air_ctl_get(), scarlett2_phantom_ctl_get(), scarlett2_direct_monitor_ctl_get(), scarlett2_speaker_switch_enum_ctl_get(), scarlett2_talkback_enum_ctl_get(), scarlett2_dim_mute_ctl_get() and scarlett2_mux_src_enum_ctl_get() functions in sound/usb/mixer_scarlett_gen2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91556
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91437
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52685
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89002
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26582
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/tls/tls_sw.c during partial reads and async decrypt. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90881
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26638
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91606
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52694
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the tpd12s015_probe() function in drivers/gpu/drm/bridge/ti-tpd12s015.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35840
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87741
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52448
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89237
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52462
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a boundary error within the check_stack_write_fixed_off() function in kernel/bpf/verifier.c. A local user can trigger memory corruption and crash the kernel.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87743
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52452
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in bpf. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91424
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52683
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93193
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52682
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the f2fs_encrypt_one_page() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90624
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52490
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mm/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91537
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52493
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93282
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52633
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90230
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_spmi_probe() and mtk_spmi_remove() functions in drivers/spmi/spmi-mtk-pmif.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89251
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26585
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89382
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90661
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52450
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91518
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52666
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_set_ea(), smb2_open() and smb2_set_info_file() functions in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91392
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52674
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the scarlett2_mixer_ctl_put() function in sound/usb/mixer_scarlett_gen2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90922
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52667
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fs_any_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90229
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26616
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the scrub_read_endio() and scrub_submit_initial_read() functions in fs/btrfs/scrub.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90660
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90621
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26632
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/bio.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87740
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in
bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93619
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52692
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the scarlett2_usb_set_config() function in sound/usb/mixer_scarlett_gen2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93452
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52678
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kfd_create_indirect_link_prop() and kfd_add_peer_prop() functions in drivers/gpu/drm/amd/amdkfd/kfd_topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52618
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88895
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88105
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52599
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90861
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pmic_glink_altmode_sc8180xp_notify() and pmic_glink_altmode_sc8280xp_notify() functions in drivers/soc/qcom/pmic_glink_altmode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52690
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scom_debug_init_one() function in arch/powerpc/platforms/powernv/opal-xscom.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-laptop to the latest version.
Vulnerable software versionsUbuntu: 23.10
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1017.20
linux-image-6.5.0-1017-laptop (Ubuntu package): before 6.5.0-1017.20
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6818-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.