Ubuntu update for linux
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2025-21702 CVE-2024-53227 CVE-2024-46826 CVE-2024-49952 CVE-2024-56600 CVE-2021-47235 CVE-2024-50265 CVE-2021-47119 CVE-2024-53165 CVE-2021-47483 CVE-2024-50302 CVE-2024-56595 CVE-2024-50167 CVE-2024-56658 CVE-2024-49948 CVE-2024-26921 CVE-2021-47602 CVE-2024-26863 CVE-2021-47320 CVE-2025-21700 CVE-2021-47122 |
| CWE-ID | CWE-399 CWE-416 CWE-20 CWE-119 CWE-401 CWE-415 CWE-125 CWE-191 CWE-908 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #11 is being exploited in the wild. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-4.4.0-1142-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-267-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-267-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1180-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1143-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU104074
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21702
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU102067
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU97839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU99151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU102016
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU90089
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47235
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU100610
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU90018
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fill_super() and kfree() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU102062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53165
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Double free
EUVDB-ID: #VU90920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47483
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
12) Out-of-bounds read
EUVDB-ID: #VU102088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU100053
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50167
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU102033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56658
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU99042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Integer underflow
EUVDB-ID: #VU91672
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26921
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of uninitialized resource
EUVDB-ID: #VU92372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use of uninitialized resource
EUVDB-ID: #VU90877
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU89959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47320
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs3_proc_create() and nfs3_proc_mknod() functions in fs/nfs/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU103959
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21700
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory leak
EUVDB-ID: #VU89256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47122
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the caif_device_notify() function in net/caif/caif_dev.c. A local user can perform a denial of service attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1142-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-267-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1180-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1143-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1142-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-267-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1180-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-4_4_0-1143-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7429-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
