CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
43.8%
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-1 advisory.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848)
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741)
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash).
(CVE-2024-40902)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- ARM64 architecture;
- M68K architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Accessibility subsystem;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Bluetooth drivers;
- Character device driver;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Macintosh device drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Pin controllers subsystem;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Greybus lights staging drivers;
- Media staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- DesignWare USB3 driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- eCrypt file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- IOMMU subsystem;
- Memory management;
- Netfilter;
- BPF subsystem;
- Kernel debugger infrastructure;
- DMA mapping infrastructure;
- IRQ subsystem;
- Tracing infrastructure;
- 9P file system network protocol;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- NFC subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- Wireless networking;
- XFRM subsystem;
- ALSA framework;
- SoC Audio for Freescale CPUs drivers;
- Kirkwood ASoC drivers; (CVE-2024-38613, CVE-2024-42096, CVE-2024-40908, CVE-2024-42137, CVE-2024-38590, CVE-2024-41044, CVE-2024-39480, CVE-2024-39469, CVE-2024-39471, CVE-2024-42089, CVE-2024-38588, CVE-2024-41092, CVE-2024-42120, CVE-2024-40901, CVE-2024-40981, CVE-2024-42127, CVE-2024-40932, CVE-2024-39475, CVE-2024-40957, CVE-2024-39501, CVE-2024-42090, CVE-2024-40904, CVE-2024-40978, CVE-2022-48772, CVE-2024-40934, CVE-2024-38548, CVE-2024-41005, CVE-2024-36489, CVE-2024-36978, CVE-2024-38573, CVE-2024-42106, CVE-2024-42104, CVE-2024-42085, CVE-2024-38621, CVE-2024-42098, CVE-2024-38662, CVE-2024-38587, CVE-2024-41089, CVE-2024-42095, CVE-2024-40916, CVE-2024-39487, CVE-2024-42229, CVE-2023-52884, CVE-2024-40974, CVE-2024-40980, CVE-2024-42225, CVE-2024-39502, CVE-2024-37356, CVE-2024-39488, CVE-2024-40912, CVE-2024-39507, CVE-2024-38591, CVE-2024-31076, CVE-2024-40984, CVE-2024-39500, CVE-2024-38582, CVE-2024-34027, CVE-2024-36270, CVE-2024-42076, CVE-2024-42247, CVE-2024-42154, CVE-2024-41047, CVE-2024-42244, CVE-2024-41049, CVE-2024-33847, CVE-2024-36015, CVE-2024-42161, CVE-2024-42082, CVE-2024-41048, CVE-2024-40961, CVE-2024-41000, CVE-2024-38598, CVE-2024-41040, CVE-2024-36971, CVE-2024-41007, CVE-2024-36972, CVE-2024-38610, CVE-2024-40937, CVE-2024-38615, CVE-2024-38555, CVE-2024-40943, CVE-2024-39466, CVE-2024-40990, CVE-2024-42115, CVE-2024-40995, CVE-2024-38612, CVE-2024-40987, CVE-2024-38558, CVE-2024-42236, CVE-2024-38381, CVE-2024-42157, CVE-2024-38560, CVE-2024-42101, CVE-2024-40970, CVE-2024-42094, CVE-2024-42148, CVE-2024-35247, CVE-2024-40963, CVE-2024-38580, CVE-2024-38633, CVE-2024-38637, CVE-2024-40905, CVE-2024-41093, CVE-2024-38619, CVE-2024-42093, CVE-2024-40945, CVE-2024-42092, CVE-2024-36286, CVE-2024-40954, CVE-2024-41041, CVE-2024-38571, CVE-2024-39503, CVE-2024-38546, CVE-2024-40976, CVE-2024-36014, CVE-2024-41087, CVE-2024-42109, CVE-2024-42070, CVE-2024-42080, CVE-2024-41006, CVE-2024-42145, CVE-2024-40960, CVE-2024-38597, CVE-2024-42086, CVE-2024-40967, CVE-2024-42130, CVE-2024-42153, CVE-2024-39509, CVE-2024-40914, CVE-2024-39277, CVE-2024-41055, CVE-2024-41095, CVE-2024-38780, CVE-2024-36974, CVE-2024-38607, CVE-2024-38583, CVE-2024-40927, CVE-2024-39490, CVE-2024-38599, CVE-2023-52887, CVE-2024-38565, CVE-2024-38552, CVE-2024-40942, CVE-2024-37078, CVE-2024-40911, CVE-2024-41035, CVE-2024-38550, CVE-2024-42102, CVE-2024-42121, CVE-2024-36032, CVE-2024-42240, CVE-2024-42140, CVE-2024-38589, CVE-2024-40931, CVE-2024-39505, CVE-2024-38596, CVE-2024-42223, CVE-2024-38567, CVE-2024-39495, CVE-2024-40959, CVE-2024-38586, CVE-2024-42087, CVE-2024-38661, CVE-2024-41097, CVE-2024-38559, CVE-2024-38618, CVE-2024-39493, CVE-2024-41002, CVE-2024-40958, CVE-2024-39468, CVE-2024-38601, CVE-2024-39499, CVE-2024-39482, CVE-2024-38579, CVE-2024-42077, CVE-2024-38578, CVE-2024-34777, CVE-2024-39301, CVE-2024-38605, CVE-2024-42131, CVE-2024-42084, CVE-2024-41027, CVE-2024-40968, CVE-2024-38547, CVE-2024-42119, CVE-2024-38627, CVE-2024-40941, CVE-2024-40994, CVE-2024-40988, CVE-2024-40902, CVE-2024-41046, CVE-2024-38549, CVE-2024-39506, CVE-2024-38634, CVE-2024-42124, CVE-2024-42105, CVE-2024-38623, CVE-2024-38624, CVE-2024-33621, CVE-2024-42068, CVE-2024-36894, CVE-2024-39489, CVE-2024-42270, CVE-2024-40929, CVE-2024-39276, CVE-2024-42152, CVE-2024-41034, CVE-2024-40983, CVE-2024-42224, CVE-2024-40956, CVE-2024-40971, CVE-2024-38635, CVE-2024-42097, CVE-2024-42232, CVE-2024-38659, CVE-2024-39467, CVE-2024-41004)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-7009-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(207246);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");
script_cve_id(
"CVE-2022-48772",
"CVE-2023-52884",
"CVE-2023-52887",
"CVE-2024-23848",
"CVE-2024-25741",
"CVE-2024-31076",
"CVE-2024-33621",
"CVE-2024-33847",
"CVE-2024-34027",
"CVE-2024-34777",
"CVE-2024-35247",
"CVE-2024-36014",
"CVE-2024-36015",
"CVE-2024-36032",
"CVE-2024-36270",
"CVE-2024-36286",
"CVE-2024-36489",
"CVE-2024-36894",
"CVE-2024-36971",
"CVE-2024-36972",
"CVE-2024-36974",
"CVE-2024-36978",
"CVE-2024-37078",
"CVE-2024-37356",
"CVE-2024-38381",
"CVE-2024-38546",
"CVE-2024-38547",
"CVE-2024-38548",
"CVE-2024-38549",
"CVE-2024-38550",
"CVE-2024-38552",
"CVE-2024-38555",
"CVE-2024-38558",
"CVE-2024-38559",
"CVE-2024-38560",
"CVE-2024-38565",
"CVE-2024-38567",
"CVE-2024-38571",
"CVE-2024-38573",
"CVE-2024-38578",
"CVE-2024-38579",
"CVE-2024-38580",
"CVE-2024-38582",
"CVE-2024-38583",
"CVE-2024-38586",
"CVE-2024-38587",
"CVE-2024-38588",
"CVE-2024-38589",
"CVE-2024-38590",
"CVE-2024-38591",
"CVE-2024-38596",
"CVE-2024-38597",
"CVE-2024-38598",
"CVE-2024-38599",
"CVE-2024-38601",
"CVE-2024-38605",
"CVE-2024-38607",
"CVE-2024-38610",
"CVE-2024-38612",
"CVE-2024-38613",
"CVE-2024-38615",
"CVE-2024-38618",
"CVE-2024-38619",
"CVE-2024-38621",
"CVE-2024-38623",
"CVE-2024-38624",
"CVE-2024-38627",
"CVE-2024-38633",
"CVE-2024-38634",
"CVE-2024-38635",
"CVE-2024-38637",
"CVE-2024-38659",
"CVE-2024-38661",
"CVE-2024-38662",
"CVE-2024-38780",
"CVE-2024-39276",
"CVE-2024-39277",
"CVE-2024-39301",
"CVE-2024-39466",
"CVE-2024-39467",
"CVE-2024-39468",
"CVE-2024-39469",
"CVE-2024-39471",
"CVE-2024-39475",
"CVE-2024-39480",
"CVE-2024-39482",
"CVE-2024-39487",
"CVE-2024-39488",
"CVE-2024-39489",
"CVE-2024-39490",
"CVE-2024-39493",
"CVE-2024-39495",
"CVE-2024-39499",
"CVE-2024-39500",
"CVE-2024-39501",
"CVE-2024-39502",
"CVE-2024-39503",
"CVE-2024-39505",
"CVE-2024-39506",
"CVE-2024-39507",
"CVE-2024-39509",
"CVE-2024-40901",
"CVE-2024-40902",
"CVE-2024-40904",
"CVE-2024-40905",
"CVE-2024-40908",
"CVE-2024-40911",
"CVE-2024-40912",
"CVE-2024-40914",
"CVE-2024-40916",
"CVE-2024-40927",
"CVE-2024-40929",
"CVE-2024-40931",
"CVE-2024-40932",
"CVE-2024-40934",
"CVE-2024-40937",
"CVE-2024-40941",
"CVE-2024-40942",
"CVE-2024-40943",
"CVE-2024-40945",
"CVE-2024-40954",
"CVE-2024-40956",
"CVE-2024-40957",
"CVE-2024-40958",
"CVE-2024-40959",
"CVE-2024-40960",
"CVE-2024-40961",
"CVE-2024-40963",
"CVE-2024-40967",
"CVE-2024-40968",
"CVE-2024-40970",
"CVE-2024-40971",
"CVE-2024-40974",
"CVE-2024-40976",
"CVE-2024-40978",
"CVE-2024-40980",
"CVE-2024-40981",
"CVE-2024-40983",
"CVE-2024-40984",
"CVE-2024-40987",
"CVE-2024-40988",
"CVE-2024-40990",
"CVE-2024-40994",
"CVE-2024-40995",
"CVE-2024-41000",
"CVE-2024-41002",
"CVE-2024-41004",
"CVE-2024-41005",
"CVE-2024-41006",
"CVE-2024-41007",
"CVE-2024-41027",
"CVE-2024-41034",
"CVE-2024-41035",
"CVE-2024-41040",
"CVE-2024-41041",
"CVE-2024-41044",
"CVE-2024-41046",
"CVE-2024-41047",
"CVE-2024-41048",
"CVE-2024-41049",
"CVE-2024-41055",
"CVE-2024-41087",
"CVE-2024-41089",
"CVE-2024-41092",
"CVE-2024-41093",
"CVE-2024-41095",
"CVE-2024-41097",
"CVE-2024-42068",
"CVE-2024-42070",
"CVE-2024-42076",
"CVE-2024-42077",
"CVE-2024-42080",
"CVE-2024-42082",
"CVE-2024-42084",
"CVE-2024-42085",
"CVE-2024-42086",
"CVE-2024-42087",
"CVE-2024-42089",
"CVE-2024-42090",
"CVE-2024-42092",
"CVE-2024-42093",
"CVE-2024-42094",
"CVE-2024-42095",
"CVE-2024-42096",
"CVE-2024-42097",
"CVE-2024-42098",
"CVE-2024-42101",
"CVE-2024-42102",
"CVE-2024-42104",
"CVE-2024-42105",
"CVE-2024-42106",
"CVE-2024-42109",
"CVE-2024-42115",
"CVE-2024-42119",
"CVE-2024-42120",
"CVE-2024-42121",
"CVE-2024-42124",
"CVE-2024-42127",
"CVE-2024-42130",
"CVE-2024-42131",
"CVE-2024-42137",
"CVE-2024-42140",
"CVE-2024-42145",
"CVE-2024-42148",
"CVE-2024-42152",
"CVE-2024-42153",
"CVE-2024-42154",
"CVE-2024-42157",
"CVE-2024-42161",
"CVE-2024-42223",
"CVE-2024-42224",
"CVE-2024-42225",
"CVE-2024-42229",
"CVE-2024-42232",
"CVE-2024-42236",
"CVE-2024-42240",
"CVE-2024-42244",
"CVE-2024-42247",
"CVE-2024-42270"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/08/28");
script_xref(name:"USN", value:"7009-1");
script_name(english:"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7009-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-7009-1 advisory.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2024-23848)
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the
device to be enabled before writing. A local attacker could possibly use this to cause a denial of
service. (CVE-2024-25741)
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing
xattr debug information. A local attacker could use this to cause a denial of service (system crash).
(CVE-2024-40902)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to
compromise the system. This update corrects flaws in the following subsystems:
- ARM64 architecture;
- M68K architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Accessibility subsystem;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Bluetooth drivers;
- Character device driver;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Macintosh device drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Pin controllers subsystem;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Greybus lights staging drivers;
- Media staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- DesignWare USB3 driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- eCrypt file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- IOMMU subsystem;
- Memory management;
- Netfilter;
- BPF subsystem;
- Kernel debugger infrastructure;
- DMA mapping infrastructure;
- IRQ subsystem;
- Tracing infrastructure;
- 9P file system network protocol;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- NFC subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- Wireless networking;
- XFRM subsystem;
- ALSA framework;
- SoC Audio for Freescale CPUs drivers;
- Kirkwood ASoC drivers; (CVE-2024-38613, CVE-2024-42096, CVE-2024-40908, CVE-2024-42137, CVE-2024-38590,
CVE-2024-41044, CVE-2024-39480, CVE-2024-39469, CVE-2024-39471, CVE-2024-42089, CVE-2024-38588,
CVE-2024-41092, CVE-2024-42120, CVE-2024-40901, CVE-2024-40981, CVE-2024-42127, CVE-2024-40932,
CVE-2024-39475, CVE-2024-40957, CVE-2024-39501, CVE-2024-42090, CVE-2024-40904, CVE-2024-40978,
CVE-2022-48772, CVE-2024-40934, CVE-2024-38548, CVE-2024-41005, CVE-2024-36489, CVE-2024-36978,
CVE-2024-38573, CVE-2024-42106, CVE-2024-42104, CVE-2024-42085, CVE-2024-38621, CVE-2024-42098,
CVE-2024-38662, CVE-2024-38587, CVE-2024-41089, CVE-2024-42095, CVE-2024-40916, CVE-2024-39487,
CVE-2024-42229, CVE-2023-52884, CVE-2024-40974, CVE-2024-40980, CVE-2024-42225, CVE-2024-39502,
CVE-2024-37356, CVE-2024-39488, CVE-2024-40912, CVE-2024-39507, CVE-2024-38591, CVE-2024-31076,
CVE-2024-40984, CVE-2024-39500, CVE-2024-38582, CVE-2024-34027, CVE-2024-36270, CVE-2024-42076,
CVE-2024-42247, CVE-2024-42154, CVE-2024-41047, CVE-2024-42244, CVE-2024-41049, CVE-2024-33847,
CVE-2024-36015, CVE-2024-42161, CVE-2024-42082, CVE-2024-41048, CVE-2024-40961, CVE-2024-41000,
CVE-2024-38598, CVE-2024-41040, CVE-2024-36971, CVE-2024-41007, CVE-2024-36972, CVE-2024-38610,
CVE-2024-40937, CVE-2024-38615, CVE-2024-38555, CVE-2024-40943, CVE-2024-39466, CVE-2024-40990,
CVE-2024-42115, CVE-2024-40995, CVE-2024-38612, CVE-2024-40987, CVE-2024-38558, CVE-2024-42236,
CVE-2024-38381, CVE-2024-42157, CVE-2024-38560, CVE-2024-42101, CVE-2024-40970, CVE-2024-42094,
CVE-2024-42148, CVE-2024-35247, CVE-2024-40963, CVE-2024-38580, CVE-2024-38633, CVE-2024-38637,
CVE-2024-40905, CVE-2024-41093, CVE-2024-38619, CVE-2024-42093, CVE-2024-40945, CVE-2024-42092,
CVE-2024-36286, CVE-2024-40954, CVE-2024-41041, CVE-2024-38571, CVE-2024-39503, CVE-2024-38546,
CVE-2024-40976, CVE-2024-36014, CVE-2024-41087, CVE-2024-42109, CVE-2024-42070, CVE-2024-42080,
CVE-2024-41006, CVE-2024-42145, CVE-2024-40960, CVE-2024-38597, CVE-2024-42086, CVE-2024-40967,
CVE-2024-42130, CVE-2024-42153, CVE-2024-39509, CVE-2024-40914, CVE-2024-39277, CVE-2024-41055,
CVE-2024-41095, CVE-2024-38780, CVE-2024-36974, CVE-2024-38607, CVE-2024-38583, CVE-2024-40927,
CVE-2024-39490, CVE-2024-38599, CVE-2023-52887, CVE-2024-38565, CVE-2024-38552, CVE-2024-40942,
CVE-2024-37078, CVE-2024-40911, CVE-2024-41035, CVE-2024-38550, CVE-2024-42102, CVE-2024-42121,
CVE-2024-36032, CVE-2024-42240, CVE-2024-42140, CVE-2024-38589, CVE-2024-40931, CVE-2024-39505,
CVE-2024-38596, CVE-2024-42223, CVE-2024-38567, CVE-2024-39495, CVE-2024-40959, CVE-2024-38586,
CVE-2024-42087, CVE-2024-38661, CVE-2024-41097, CVE-2024-38559, CVE-2024-38618, CVE-2024-39493,
CVE-2024-41002, CVE-2024-40958, CVE-2024-39468, CVE-2024-38601, CVE-2024-39499, CVE-2024-39482,
CVE-2024-38579, CVE-2024-42077, CVE-2024-38578, CVE-2024-34777, CVE-2024-39301, CVE-2024-38605,
CVE-2024-42131, CVE-2024-42084, CVE-2024-41027, CVE-2024-40968, CVE-2024-38547, CVE-2024-42119,
CVE-2024-38627, CVE-2024-40941, CVE-2024-40994, CVE-2024-40988, CVE-2024-40902, CVE-2024-41046,
CVE-2024-38549, CVE-2024-39506, CVE-2024-38634, CVE-2024-42124, CVE-2024-42105, CVE-2024-38623,
CVE-2024-38624, CVE-2024-33621, CVE-2024-42068, CVE-2024-36894, CVE-2024-39489, CVE-2024-42270,
CVE-2024-40929, CVE-2024-39276, CVE-2024-42152, CVE-2024-41034, CVE-2024-40983, CVE-2024-42224,
CVE-2024-40956, CVE-2024-40971, CVE-2024-38635, CVE-2024-42097, CVE-2024-42232, CVE-2024-38659,
CVE-2024-39467, CVE-2024-41004)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-7009-1");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-42154");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/23");
script_set_attribute(attribute:"patch_publication_date", value:"2024/09/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1072-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1072-azure-fde");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
include('ksplice.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var kernel_mappings = {
'20.04': {
'5.15.0': {
'azure': '5.15.0-1072'
}
},
'22.04': {
'5.15.0': {
'azure-fde': '5.15.0-1072'
}
}
};
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);
var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
extra += 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-7009-1');
}
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
var cve_list = make_list('CVE-2022-48772', 'CVE-2023-52884', 'CVE-2023-52887', 'CVE-2024-23848', 'CVE-2024-25741', 'CVE-2024-31076', 'CVE-2024-33621', 'CVE-2024-33847', 'CVE-2024-34027', 'CVE-2024-34777', 'CVE-2024-35247', 'CVE-2024-36014', 'CVE-2024-36015', 'CVE-2024-36032', 'CVE-2024-36270', 'CVE-2024-36286', 'CVE-2024-36489', 'CVE-2024-36894', 'CVE-2024-36971', 'CVE-2024-36972', 'CVE-2024-36974', 'CVE-2024-36978', 'CVE-2024-37078', 'CVE-2024-37356', 'CVE-2024-38381', 'CVE-2024-38546', 'CVE-2024-38547', 'CVE-2024-38548', 'CVE-2024-38549', 'CVE-2024-38550', 'CVE-2024-38552', 'CVE-2024-38555', 'CVE-2024-38558', 'CVE-2024-38559', 'CVE-2024-38560', 'CVE-2024-38565', 'CVE-2024-38567', 'CVE-2024-38571', 'CVE-2024-38573', 'CVE-2024-38578', 'CVE-2024-38579', 'CVE-2024-38580', 'CVE-2024-38582', 'CVE-2024-38583', 'CVE-2024-38586', 'CVE-2024-38587', 'CVE-2024-38588', 'CVE-2024-38589', 'CVE-2024-38590', 'CVE-2024-38591', 'CVE-2024-38596', 'CVE-2024-38597', 'CVE-2024-38598', 'CVE-2024-38599', 'CVE-2024-38601', 'CVE-2024-38605', 'CVE-2024-38607', 'CVE-2024-38610', 'CVE-2024-38612', 'CVE-2024-38613', 'CVE-2024-38615', 'CVE-2024-38618', 'CVE-2024-38619', 'CVE-2024-38621', 'CVE-2024-38623', 'CVE-2024-38624', 'CVE-2024-38627', 'CVE-2024-38633', 'CVE-2024-38634', 'CVE-2024-38635', 'CVE-2024-38637', 'CVE-2024-38659', 'CVE-2024-38661', 'CVE-2024-38662', 'CVE-2024-38780', 'CVE-2024-39276', 'CVE-2024-39277', 'CVE-2024-39301', 'CVE-2024-39466', 'CVE-2024-39467', 'CVE-2024-39468', 'CVE-2024-39469', 'CVE-2024-39471', 'CVE-2024-39475', 'CVE-2024-39480', 'CVE-2024-39482', 'CVE-2024-39487', 'CVE-2024-39488', 'CVE-2024-39489', 'CVE-2024-39490', 'CVE-2024-39493', 'CVE-2024-39495', 'CVE-2024-39499', 'CVE-2024-39500', 'CVE-2024-39501', 'CVE-2024-39502', 'CVE-2024-39503', 'CVE-2024-39505', 'CVE-2024-39506', 'CVE-2024-39507', 'CVE-2024-39509', 'CVE-2024-40901', 'CVE-2024-40902', 'CVE-2024-40904', 'CVE-2024-40905', 'CVE-2024-40908', 'CVE-2024-40911', 'CVE-2024-40912', 'CVE-2024-40914', 'CVE-2024-40916', 'CVE-2024-40927', 'CVE-2024-40929', 'CVE-2024-40931', 'CVE-2024-40932', 'CVE-2024-40934', 'CVE-2024-40937', 'CVE-2024-40941', 'CVE-2024-40942', 'CVE-2024-40943', 'CVE-2024-40945', 'CVE-2024-40954', 'CVE-2024-40956', 'CVE-2024-40957', 'CVE-2024-40958', 'CVE-2024-40959', 'CVE-2024-40960', 'CVE-2024-40961', 'CVE-2024-40963', 'CVE-2024-40967', 'CVE-2024-40968', 'CVE-2024-40970', 'CVE-2024-40971', 'CVE-2024-40974', 'CVE-2024-40976', 'CVE-2024-40978', 'CVE-2024-40980', 'CVE-2024-40981', 'CVE-2024-40983', 'CVE-2024-40984', 'CVE-2024-40987', 'CVE-2024-40988', 'CVE-2024-40990', 'CVE-2024-40994', 'CVE-2024-40995', 'CVE-2024-41000', 'CVE-2024-41002', 'CVE-2024-41004', 'CVE-2024-41005', 'CVE-2024-41006', 'CVE-2024-41007', 'CVE-2024-41027', 'CVE-2024-41034', 'CVE-2024-41035', 'CVE-2024-41040', 'CVE-2024-41041', 'CVE-2024-41044', 'CVE-2024-41046', 'CVE-2024-41047', 'CVE-2024-41048', 'CVE-2024-41049', 'CVE-2024-41055', 'CVE-2024-41087', 'CVE-2024-41089', 'CVE-2024-41092', 'CVE-2024-41093', 'CVE-2024-41095', 'CVE-2024-41097', 'CVE-2024-42068', 'CVE-2024-42070', 'CVE-2024-42076', 'CVE-2024-42077', 'CVE-2024-42080', 'CVE-2024-42082', 'CVE-2024-42084', 'CVE-2024-42085', 'CVE-2024-42086', 'CVE-2024-42087', 'CVE-2024-42089', 'CVE-2024-42090', 'CVE-2024-42092', 'CVE-2024-42093', 'CVE-2024-42094', 'CVE-2024-42095', 'CVE-2024-42096', 'CVE-2024-42097', 'CVE-2024-42098', 'CVE-2024-42101', 'CVE-2024-42102', 'CVE-2024-42104', 'CVE-2024-42105', 'CVE-2024-42106', 'CVE-2024-42109', 'CVE-2024-42115', 'CVE-2024-42119', 'CVE-2024-42120', 'CVE-2024-42121', 'CVE-2024-42124', 'CVE-2024-42127', 'CVE-2024-42130', 'CVE-2024-42131', 'CVE-2024-42137', 'CVE-2024-42140', 'CVE-2024-42145', 'CVE-2024-42148', 'CVE-2024-42152', 'CVE-2024-42153', 'CVE-2024-42154', 'CVE-2024-42157', 'CVE-2024-42161', 'CVE-2024-42223', 'CVE-2024-42224', 'CVE-2024-42225', 'CVE-2024-42229', 'CVE-2024-42232', 'CVE-2024-42236', 'CVE-2024-42240', 'CVE-2024-42244', 'CVE-2024-42247', 'CVE-2024-42270');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-7009-1');
}
else
{
extra = extra + ksplice_reporting_text();
}
}
if (extra) {
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38549
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38560
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38578
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39493
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40902
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40916
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42270
ubuntu.com/security/notices/USN-7009-1
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
43.8%