Ubuntu update for linux-azure-5.15

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crafted input to the application and execute arbitrary code on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper access control

EUVDB-ID: #VU47546

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-12352

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Buffer overflow

EUVDB-ID: #VU47549

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-24490

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crated data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds read

EUVDB-ID: #VU85443

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6610

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the smb2_dump_detail() function in fs/smb/client/smb2ops.c. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU87191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25744

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41091

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper error handling

EUVDB-ID: #VU96166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42295

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU92378

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU97805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the r4k_clockevent_init() function in arch/mips/kernel/cevt-r4k.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU96553

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44940

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

25) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41090

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Type Confusion

EUVDB-ID: #VU96639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44944

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the ctnetlink_del_expect() function in net/netfilter/nf_conntrack_netlink.c. A local user can trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU96103

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43834

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU93797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35965

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU96205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42276

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU99221

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49977

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU94968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42079

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU96193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42299

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU96524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43909

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu7_update_edc_leakage_table() and smu7_hwmgr_backend_init() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41098

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

43) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU99224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU96847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44989

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42286

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42310

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Division by zero

EUVDB-ID: #VU92008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36968

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU94222

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40915

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42309

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

EUVDB-ID: #VU90303

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35967

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU96342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52904

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the find_substream_format() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Input validation error

EUVDB-ID: #VU94530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41011

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU100122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50186

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Input validation error

EUVDB-ID: #VU96204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42267

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Off-by-one

EUVDB-ID: #VU97818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43907

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU99174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47734

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bond_xdp_get_xmit_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper locking

EUVDB-ID: #VU100127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50191

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43860

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU95091

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42156

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Integer underflow

EUVDB-ID: #VU96301

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43867

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Input validation error

EUVDB-ID: #VU100155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50181

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imx7d_clocks_init() function in drivers/clk/imx/clk-imx7d.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper locking

EUVDB-ID: #VU94996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41020

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Resource management error

EUVDB-ID: #VU97830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46817

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42281

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Reachable assertion

EUVDB-ID: #VU90912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52621

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU94926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41065

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Buffer overflow

EUVDB-ID: #VU88283

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper locking

EUVDB-ID: #VU99018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU97496

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46782

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43839

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU96517

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU90306

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35966

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Use-after-free

EUVDB-ID: #VU93322

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39463

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Improper error handling

EUVDB-ID: #VU90959

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52532

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_poll_tx_cq() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Out-of-bounds read

EUVDB-ID: #VU94956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41071

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Resource management error

EUVDB-ID: #VU96186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43846

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Resource management error

EUVDB-ID: #VU93260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26661

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Resource management error

EUVDB-ID: #VU96187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43841

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Use-after-free

EUVDB-ID: #VU100707

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Use-after-free

EUVDB-ID: #VU90069

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) NULL pointer dereference

EUVDB-ID: #VU97523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46763

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Use of uninitialized resource

EUVDB-ID: #VU96300

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43873

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the vhost_vsock_dev_open() and vhost_vsock_set_features() functions in drivers/vhost/vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Memory leak

EUVDB-ID: #VU92296

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38602

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Resource management error

EUVDB-ID: #VU93872

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26822

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources within the automount_fullpath() and cifs_do_automount() functions in fs/smb/client/namespace.c. A local user can force the SMB client to reuse its parent mount uid, gid and cruid and gain unauthorized access to information.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43902

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43883

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42305

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50031

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) NULL pointer dereference

EUVDB-ID: #VU90380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36893

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the svdm_consume_identity(), tcpm_register_partner_altmodes(), tcpm_init_vconn(), tcpm_typec_connect(), tcpm_typec_disconnect() and tcpm_pwr_opmode_to_rp() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Input validation error

EUVDB-ID: #VU96298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43875

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpci_scan_bus() and epf_ntb_bind() functions in drivers/pci/endpoint/functions/pci-epf-vntb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Memory leak

EUVDB-ID: #VU90010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26669

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41015

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Improper locking

EUVDB-ID: #VU96154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42296

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_convert_inline_inode() function in fs/f2fs/inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Resource management error

EUVDB-ID: #VU95064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42158

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Improper locking

EUVDB-ID: #VU90765

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27072

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) NULL pointer dereference

EUVDB-ID: #VU94241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40973

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Use-after-free

EUVDB-ID: #VU90239

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52572

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Buffer overflow

EUVDB-ID: #VU93168

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38667

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Incorrect calculation

EUVDB-ID: #VU97833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Memory leak

EUVDB-ID: #VU96285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43869

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50062

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41017

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) NULL pointer dereference

EUVDB-ID: #VU94976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41077

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Resource management error

EUVDB-ID: #VU99159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50038

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Memory leak

EUVDB-ID: #VU98850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50013

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50049

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Use-after-free

EUVDB-ID: #VU90063

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52751

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the find_or_create_cached_dir(), spin_unlock() and open_cached_dir() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Use-after-free

EUVDB-ID: #VU94942

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Input validation error

EUVDB-ID: #VU96552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44942

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) NULL pointer dereference

EUVDB-ID: #VU93461

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35904

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) NULL pointer dereference

EUVDB-ID: #VU90640

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26607

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42312

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Input validation error

EUVDB-ID: #VU96889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Use-after-free

EUVDB-ID: #VU90210

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Input validation error

EUVDB-ID: #VU93795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35963

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_sock_setsockopt_old() and hci_sock_setsockopt() functions in net/bluetooth/hci_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Improper error handling

EUVDB-ID: #VU95022

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41022

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) NULL pointer dereference

EUVDB-ID: #VU96536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43894

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Double free

EUVDB-ID: #VU96162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43830

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Improper resource shutdown or release

EUVDB-ID: #VU93746

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35951

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Use-after-free

EUVDB-ID: #VU98868

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42301

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) Memory leak

EUVDB-ID: #VU93020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38632

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43858

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) NULL pointer dereference

EUVDB-ID: #VU94978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41060

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Memory leak

EUVDB-ID: #VU96286

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_sched_out() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Input validation error

EUVDB-ID: #VU99042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49948

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Use-after-free

EUVDB-ID: #VU92213

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26947

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) Input validation error

EUVDB-ID: #VU99228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47740

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) NULL pointer dereference

EUVDB-ID: #VU96854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44960

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41068

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) Out-of-bounds read

EUVDB-ID: #VU94839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41019

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Memory leak

EUVDB-ID: #VU92298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38611

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) NULL pointer dereference

EUVDB-ID: #VU96525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43908

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) Input validation error

EUVDB-ID: #VU95106

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41072

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Use-after-free

EUVDB-ID: #VU96108

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Input validation error

EUVDB-ID: #VU99218

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50003

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Use-after-free

EUVDB-ID: #VU90191

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48666

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __scsi_remove_device() function in drivers/scsi/scsi_sysfs.c, within the scsi_alloc_sdev() function in drivers/scsi/scsi_scan.c, within the scsi_mq_setup_tags() function in drivers/scsi/scsi_lib.c, within the scsi_remove_host(), scsi_add_host_with_dma() and scsi_host_dev_release() functions in drivers/scsi/hosts.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Resource management error

EUVDB-ID: #VU99842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50093

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) Use of uninitialized resource

EUVDB-ID: #VU97817

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46865

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gue_gro_receive() function in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) Division by zero

EUVDB-ID: #VU96545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43889

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Improper locking

EUVDB-ID: #VU96158

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42274

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the update_pcm_pointers() and amdtp_domain_stream_pcm_pointer() functions in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42289

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) Improper locking

EUVDB-ID: #VU98999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50041

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Improper locking

EUVDB-ID: #VU94991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41064

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39472

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) NULL pointer dereference

EUVDB-ID: #VU96140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42287

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) Input validation error

EUVDB-ID: #VU96200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43849

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Improper error handling

EUVDB-ID: #VU99062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) NULL pointer dereference

EUVDB-ID: #VU90577

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26893

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) Improper locking

EUVDB-ID: #VU96148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43835

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

318) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

319) Use-after-free

EUVDB-ID: #VU97492

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46740

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

320) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

321) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

322) Use of uninitialized resource

EUVDB-ID: #VU96172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42311

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

323) Use-after-free

EUVDB-ID: #VU96837

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44985

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_xmit() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

324) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

325) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

326) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

327) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

328) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50039

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

329) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

330) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

331) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

332) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

333) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

334) Improper locking

EUVDB-ID: #VU92369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38553

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

335) Use of uninitialized resource

EUVDB-ID: #VU96171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42272

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

336) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

337) NULL pointer dereference

EUVDB-ID: #VU96146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42269

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip6table_nat_init() function in net/ipv6/netfilter/ip6table_nat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

338) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

339) Input validation error

EUVDB-ID: #VU96210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42318

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

340) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

341) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

342) Out-of-bounds read

EUVDB-ID: #VU96845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44988

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

343) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

344) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

345) Input validation error

EUVDB-ID: #VU95003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41042

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

346) Resource management error

EUVDB-ID: #VU95051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41081

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

347) Memory leak

EUVDB-ID: #VU96099

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

348) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

349) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

350) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

351) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

352) Resource management error

EUVDB-ID: #VU99148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49927

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

353) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

354) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

355) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

356) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

357) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

358) NULL pointer dereference

EUVDB-ID: #VU96144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42277

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sprd_iommu_cleanup() function in drivers/iommu/sprd-iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

359) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

360) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

361) NULL pointer dereference

EUVDB-ID: #VU96528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43905

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

362) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

363) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

364) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

365) Buffer overflow

EUVDB-ID: #VU96871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the DATA_START_OFFSET_WORDS() and load_flat_binary() functions in fs/binfmt_flat.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

366) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

367) Race condition

EUVDB-ID: #VU99178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49935

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

368) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

369) NULL pointer dereference

EUVDB-ID: #VU96132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52889

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

370) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

371) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

372) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

373) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

374) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

375) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

376) Use of uninitialized resource

EUVDB-ID: #VU96869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44983

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_skb_encap_protocol() function in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

377) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

378) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

379) Improper error handling

EUVDB-ID: #VU99080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47690

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

380) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

381) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

382) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

383) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

384) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

385) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

386) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

387) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

388) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42126

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

389) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

390) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

391) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

392) NULL pointer dereference

EUVDB-ID: #VU96538

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43884

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

393) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

394) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

395) NULL pointer dereference

EUVDB-ID: #VU96124

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43829

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

396) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

397) Resource management error

EUVDB-ID: #VU96305

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43880

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

398) Input validation error

EUVDB-ID: #VU96888

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45007

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

399) Memory leak

EUVDB-ID: #VU94203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40910

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

400) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

401) Race condition

EUVDB-ID: #VU91483

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

402) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

403) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

404) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

405) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

406) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

407) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1078.87~20.04.1

linux-image-5.15.0-1078-azure (Ubuntu package): before 5.15.0-1078.87~20.04.1

CPE2.3

External links