USN-6704-1

Advisory lineage Upstream: 10 Downstream: 0
Published: 20 Mar 2024, 14:23
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 Mar 2024, 14:23
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-32247) Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1085) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

Affected Systems

  • ubuntulinux

    < 5.15.0-101.111

  • ubuntulinux-azure

    < 5.15.0-1059.67

  • ubuntulinux-azure-5.15

    < 5.15.0-1059.67~20.04.1

  • ubuntulinux-azure-fde

    < 5.15.0-1059.67.1

  • ubuntulinux-azure-fde-5.15

    < 5.15.0-1059.67~20.04.1.1

  • ubuntulinux-gcp

    < 5.15.0-1054.62

  • ubuntulinux-gcp-5.15

    < 5.15.0-1054.62~20.04.1

  • ubuntulinux-gke

    < 5.15.0-1053.58

  • ubuntulinux-gkeop

    < 5.15.0-1039.45

  • ubuntulinux-gkeop-5.15

    < 5.15.0-1039.45~20.04.1

  • ubuntulinux-hwe-5.15

    < 5.15.0-101.111~20.04.1

  • ubuntulinux-ibm

    < 5.15.0-1049.52

  • ubuntulinux-ibm-5.15

    < 5.15.0-1049.52~20.04.1

  • ubuntulinux-kvm

    < 5.15.0-1053.58

  • ubuntulinux-lowlatency

    < 5.15.0-101.111

  • ubuntulinux-lowlatency-hwe-5.15

    < 5.15.0-101.111~20.04.1

  • ubuntulinux-nvidia

    < 5.15.0-1047.47

References (6)