usn-6866-3
Vulnerability from osv_ubuntu
Published
2024-07-10 21:11
Modified
2026-06-29 10:53
Summary
linux-azure vulnerabilities
Details

It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Hardware random number generator core; - GPU drivers; - AFS file system; - Memory management; - Netfilter; (CVE-2024-26642, CVE-2024-26922, CVE-2024-26720, CVE-2024-26736, CVE-2024-26898, CVE-2021-47063, CVE-2023-52615)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2021-33631",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-47063",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6270",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-52615",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-2201",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-23307",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-24861",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-26642",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-26736",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-26898",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-26922",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "linux-azure-cloud-tools-4.15.0-1178",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-azure-headers-4.15.0-1178",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-azure-tools-4.15.0-1178",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-buildinfo-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-cloud-tools-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-modules-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-modules-extra-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          },
          {
            "binary_name": "linux-tools-4.15.0-1178-azure",
            "binary_version": "4.15.0-1178.193~14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "linux-azure",
        "purl": "pkg:deb/ubuntu/linux-azure@4.15.0-1178.193~14.04.1?arch=source\u0026distro=trusty/esm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.15.0-1178.193~14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.15.0-1023.24~14.04.1",
        "4.15.0-1030.31~14.04.1",
        "4.15.0-1031.32~14.04.1",
        "4.15.0-1032.33~14.04.2",
        "4.15.0-1035.36~14.04.2",
        "4.15.0-1036.38~14.04.2",
        "4.15.0-1037.39~14.04.2",
        "4.15.0-1039.41~14.04.2",
        "4.15.0-1040.44~14.04.1",
        "4.15.0-1041.45~14.04.1",
        "4.15.0-1042.46~14.04.1",
        "4.15.0-1045.49~14.04.1",
        "4.15.0-1046.50~14.04.1",
        "4.15.0-1047.51~14.04.1",
        "4.15.0-1049.54~14.04.1",
        "4.15.0-1050.55~14.04.1",
        "4.15.0-1051.56~14.04.1",
        "4.15.0-1052.57~14.04.1",
        "4.15.0-1055.60~14.04.1",
        "4.15.0-1056.61~14.04.1",
        "4.15.0-1057.62~14.04.1",
        "4.15.0-1059.64~14.04.1",
        "4.15.0-1060.65~14.04.1",
        "4.15.0-1061.66~14.04.1",
        "4.15.0-1063.68~14.04.1",
        "4.15.0-1064.69~14.04.1",
        "4.15.0-1066.71~14.04.1",
        "4.15.0-1067.72~14.04.1",
        "4.15.0-1069.74~14.04.1",
        "4.15.0-1071.76~14.04.1",
        "4.15.0-1074.79~14.04.1",
        "4.15.0-1077.82~14.04.1",
        "4.15.0-1082.92~14.04.1",
        "4.15.0-1083.93~14.04.1",
        "4.15.0-1089.99~14.04.1",
        "4.15.0-1091.101~14.04.1",
        "4.15.0-1092.102~14.04.1",
        "4.15.0-1093.103~14.04.1",
        "4.15.0-1095.105~14.04.1",
        "4.15.0-1096.106~14.04.1",
        "4.15.0-1098.109~14.04.1",
        "4.15.0-1100.111~14.04.1",
        "4.15.0-1102.113~14.04.1",
        "4.15.0-1103.114~14.04.1",
        "4.15.0-1106.118~14.04.1",
        "4.15.0-1108.120~14.04.1",
        "4.15.0-1109.121~14.04.1",
        "4.15.0-1110.122~14.04.1",
        "4.15.0-1111.123~14.04.1",
        "4.15.0-1112.124~14.04.1",
        "4.15.0-1113.126~14.04.1",
        "4.15.0-1114.127~14.04.1",
        "4.15.0-1115.128~14.04.1",
        "4.15.0-1118.131~14.04.1",
        "4.15.0-1121.134~14.04.1",
        "4.15.0-1122.135~14.04.1",
        "4.15.0-1123.136~14.04.1",
        "4.15.0-1124.137~14.04.1",
        "4.15.0-1125.138~14.04.1",
        "4.15.0-1126.139~14.04.1",
        "4.15.0-1127.140~14.04.1",
        "4.15.0-1129.142~14.04.1",
        "4.15.0-1130.143~14.04.1",
        "4.15.0-1131.144~14.04.1",
        "4.15.0-1133.146~14.04.1",
        "4.15.0-1134.147~14.04.1",
        "4.15.0-1136.149~14.04.1",
        "4.15.0-1137.150~14.04.1",
        "4.15.0-1138.151~14.04.1",
        "4.15.0-1139.152~14.04.1",
        "4.15.0-1142.156~14.04.1",
        "4.15.0-1145.160~14.04.1",
        "4.15.0-1146.161~14.04.1",
        "4.15.0-1149.164~14.04.1",
        "4.15.0-1150.165~14.04.1",
        "4.15.0-1151.166~14.04.1",
        "4.15.0-1153.168~14.04.1",
        "4.15.0-1157.172~14.04.2",
        "4.15.0-1158.173~14.04.1",
        "4.15.0-1159.174~14.04.1",
        "4.15.0-1162.177~14.04.1",
        "4.15.0-1163.178~14.04.1",
        "4.15.0-1164.179~14.04.1",
        "4.15.0-1165.180~14.04.1",
        "4.15.0-1166.181~14.04.1",
        "4.15.0-1167.182~14.04.1",
        "4.15.0-1168.183~14.04.1",
        "4.15.0-1169.184~14.04.1",
        "4.15.0-1170.185~14.04.1",
        "4.15.0-1171.186~14.04.1",
        "4.15.0-1172.187~14.04.1",
        "4.15.0-1173.188~14.04.1",
        "4.15.0-1174.189~14.04.1",
        "4.15.0-1175.190~14.04.1",
        "4.15.0-1176.191~14.04.1",
        "4.15.0-1177.192~14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that the ext4 file system implementation in the Linux\nkernel did not properly validate data state on write operations. An\nattacker could use this to construct a malicious ext4 file system image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2021-33631)\n\nIt was discovered that the ATA over Ethernet (AoE) driver in the Linux\nkernel contained a race condition, leading to a use-after-free\nvulnerability. An attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2023-6270)\n\nSander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida\ndiscovered that the Linux kernel mitigations for the initial Branch History\nInjection vulnerability (CVE-2022-0001) were insufficient for Intel\nprocessors. A local attacker could potentially use this to expose sensitive\ninformation. (CVE-2024-2201)\n\nGui-Dong Han discovered that the software RAID driver in the Linux kernel\ncontained a race condition, leading to an integer overflow vulnerability. A\nprivileged attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2024-23307)\n\nBai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in\nthe Linux kernel contained a race condition, leading to an integer overflow\nvulnerability. An attacker could possibly use this to cause a denial of\nservice (system crash). (CVE-2024-24861)\n\nSeveral security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - Block layer subsystem;\n  - Hardware random number generator core;\n  - GPU drivers;\n  - AFS file system;\n  - Memory management;\n  - Netfilter;\n(CVE-2024-26642, CVE-2024-26922, CVE-2024-26720, CVE-2024-26736,\nCVE-2024-26898, CVE-2021-47063, CVE-2023-52615)\n",
  "id": "USN-6866-3",
  "modified": "2026-06-29T10:53:11Z",
  "published": "2024-07-10T21:11:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6866-3"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-33631"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-47063"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6270"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-52615"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-2201"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-23307"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-24861"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-26642"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-26720"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-26736"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-26898"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-26922"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-azure vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2021-33631",
    "UBUNTU-CVE-2021-47063",
    "UBUNTU-CVE-2023-6270",
    "UBUNTU-CVE-2023-52615",
    "UBUNTU-CVE-2024-2201",
    "UBUNTU-CVE-2024-23307",
    "UBUNTU-CVE-2024-24861",
    "UBUNTU-CVE-2024-26642",
    "UBUNTU-CVE-2024-26720",
    "UBUNTU-CVE-2024-26736",
    "UBUNTU-CVE-2024-26898",
    "UBUNTU-CVE-2024-26922"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…