Ubuntu update for linux-azure
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 39 |
| CVE-ID | CVE-2024-23848 CVE-2025-0927 CVE-2024-50171 CVE-2023-52880 CVE-2023-52522 CVE-2024-53104 CVE-2024-41064 CVE-2024-43892 CVE-2024-43900 CVE-2022-48772 CVE-2024-50148 CVE-2024-41063 CVE-2024-44938 CVE-2023-52799 CVE-2023-52818 CVE-2024-50134 CVE-2024-40943 CVE-2024-50117 CVE-2024-26685 CVE-2024-36964 CVE-2024-36952 CVE-2024-53164 CVE-2024-43893 CVE-2024-50229 CVE-2024-42070 CVE-2024-38567 CVE-2024-38558 CVE-2024-40910 CVE-2024-44931 CVE-2024-36886 CVE-2024-35896 CVE-2024-43863 CVE-2024-40911 CVE-2023-52488 CVE-2024-42068 CVE-2024-50233 CVE-2024-49902 CVE-2024-53156 CVE-2024-40981 |
| CWE-ID | CWE-416 CWE-122 CWE-401 CWE-264 CWE-399 CWE-787 CWE-667 CWE-362 CWE-476 CWE-125 CWE-119 CWE-269 CWE-843 CWE-20 CWE-682 CWE-369 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #6 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-4.15.0-1186-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 39 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU104094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-0927
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hfs_bnode_read_key() function in HFS+ filesystem implementation. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU100056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU89387
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52522
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU101102
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53104
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
7) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU93327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU100087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU96550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44938
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU90281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52799
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU90289
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52818
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU99837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU102248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53164
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the choke_drop_by_idx() function in net/sched/sch_choke.c, within the cake_drop() function in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU100183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Type Confusion
EUVDB-ID: #VU94923
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c,
within the nf_tables_fill_setelem() and nft_validate_register_store()
functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory leak
EUVDB-ID: #VU94203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory leak
EUVDB-ID: #VU96512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44931
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU90309
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU96297
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43863
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU94256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Input validation error
EUVDB-ID: #VU94144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Incorrect calculation
EUVDB-ID: #VU95076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42068
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Division by zero
EUVDB-ID: #VU100200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50233
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU98910
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper locking
EUVDB-ID: #VU94269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-4.15.0-1186-azure (Ubuntu package): before linux-image-azure
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4_15_0-1186-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-7344-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
