Risk | High |
Patch available | YES |
Number of vulnerabilities | 73 |
CVE-ID | CVE-2021-33061 CVE-2021-3759 CVE-2022-3606 CVE-2022-36280 CVE-2022-3707 CVE-2022-39188 CVE-2022-4095 CVE-2022-41849 CVE-2022-42432 CVE-2022-4379 CVE-2022-4382 CVE-2022-4662 CVE-2022-4744 CVE-2022-47521 CVE-2022-47929 CVE-2023-0045 CVE-2023-0386 CVE-2023-0458 CVE-2023-0459 CVE-2023-0461 CVE-2023-0590 CVE-2023-0597 CVE-2023-1073 CVE-2023-1074 CVE-2023-1075 CVE-2023-1076 CVE-2023-1077 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1281 CVE-2023-1380 CVE-2023-1382 CVE-2023-1611 CVE-2023-1670 CVE-2023-1829 CVE-2023-1855 CVE-2023-1859 CVE-2023-1989 CVE-2023-1990 CVE-2023-2002 CVE-2023-20928 CVE-2023-20938 CVE-2023-2124 CVE-2023-2162 CVE-2023-2177 CVE-2023-2194 CVE-2023-2269 CVE-2023-22995 CVE-2023-23000 CVE-2023-23004 CVE-2023-2483 CVE-2023-33203 CVE-2023-25012 CVE-2023-26545 CVE-2023-26607 CVE-2023-28327 CVE-2023-28466 CVE-2023-2985 CVE-2023-30456 CVE-2023-30772 CVE-2023-3117 CVE-2023-31248 CVE-2023-3220 CVE-2023-32233 CVE-2023-32269 CVE-2023-3268 CVE-2023-33288 CVE-2023-35001 CVE-2023-35788 CVE-2023-3141 CVE-2023-2513 CVE-2023-28328 |
CWE-ID | CWE-20 CWE-400 CWE-476 CWE-787 CWE-415 CWE-362 CWE-120 CWE-416 CWE-284 CWE-254 CWE-264 CWE-1037 CWE-401 CWE-119 CWE-843 CWE-125 CWE-667 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #36 is available. Public exploit code for vulnerability #41 is available. Public exploit code for vulnerability #65 is available. Public exploit code for vulnerability #69 is available. |
Vulnerable software |
Anolis OS Operating systems & Components / Operating system python3-perf Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-libs-devel Operating systems & Components / Operating system package or component kernel-tools-libs Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-modules-extra Operating systems & Components / Operating system package or component kernel-modules Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debug-modules-extra Operating systems & Components / Operating system package or component kernel-debug-modules Operating systems & Components / Operating system package or component kernel-debug-devel Operating systems & Components / Operating system package or component kernel-debug-core Operating systems & Components / Operating system package or component kernel-debug Operating systems & Components / Operating system package or component kernel-core Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 73 vulnerabilities.
EUVDB-ID: #VU60490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-33061
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control flow management. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3759
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73782
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3606
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the find_prog_by_sec_insn() function in tools/lib/bpf/libbpf.c of the BPF component. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71480
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-36280
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70487
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3707
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67478
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39188
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.
Note, this only occurs in situations with VM_PFNMAP VMAs.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69805
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4095
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the cmd_hdl_filter() function in drivers/staging/rtl8712/rtl8712_cmd.c. A local user can trigger a double free error and execute arbitrary code with escalated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68340
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41849
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the drivers/video/fbdev/smscufx.c in the Linux kernel. An attacker with physical proximity to the system can remove the USB device while calling open(), cause a race condition between the ufx_ops_open and ufx_usb_disconnect and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73749
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42432
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to memory safety bugs. A remote unauthenticated attacker can trick the victim into opening a specially crafted file, trigger buffer overflow and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71583
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-4379
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72328
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4382
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the gadgetfs Linux driver. An attacker with physical access to the system can trigger a use-after-free by manipulating the external device with gadgetfs and execute arbitrary code.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71541
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4662
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the Linux kernel USB core subsystem in the way user attaches usb device. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74053
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4744
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70628
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47521
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71479
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-47929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72469
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-0045
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU74410
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2023-0386
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU76223
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76222
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0459
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72506
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0461
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0590
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73765
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0597
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74123
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1073
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74124
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72700
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1075
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72742
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1076
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72699
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1077
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74054
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1078
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73783
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72734
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74122
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1281
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73280
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1380
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1382
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75204
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1611
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75450
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1670
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75448
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-1829
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU75451
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75769
Risk: Medium
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75452
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1989
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a
use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1990
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75163
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-2002
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU71065
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Binder driver. A local application can trigger a race condition and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72032
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20938
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75323
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2124
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack..
The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2177
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the net/sctp/stream_sched.c in Linux kernel. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77249
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2194
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's SLIMpro I2C device driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2269
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73767
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-22995
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the dwc3_qcom_acpi_register_core() function in drivers/usb/dwc3/dwc3-qcom.c. A local user can execute arbitrary code on the system with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73769
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23000
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the tegra_xusb_find_port_node() function in drivers/phy/tegra/xusb.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73773
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23004
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76024
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2483
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in Qualcomm EMAC Gigabit Ethernet Controller. An attacker with physical access to system can remove the device before cleanup in the emac_remove() function is called, trigger a use-after-free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77496
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-33203
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71764
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-25012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73766
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-26545
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74125
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-26607
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ntfs_attr_find() function in fs/ntfs/attrib.c in Linux kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28327
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74628
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28466
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2985
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the hfsplus_put_super() function in fs/hfsplus/super.c. A local user can trigger a use-after-free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75456
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-30456
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75996
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-30772
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78457
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3117
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78325
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31248
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78471
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3220
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the dpu_crtc_atomic_check() function in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75807
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-32233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Netfilter nf_tables when processing batch requests. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU76221
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-32269
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability requires that the system has netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78008
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3268
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76410
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-33288
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the bq24190_remove function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78326
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-35001
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU77502
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35788
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77955
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3141
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76455
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2513
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28328
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-perf: before 5.10.134-15
perf: before 5.10.134-15
kernel-tools-libs-devel: before 5.10.134-15
kernel-tools-libs: before 5.10.134-15
kernel-tools: before 5.10.134-15
kernel-modules-extra: before 5.10.134-15
kernel-modules: before 5.10.134-15
kernel-headers: before 5.10.134-15
kernel-devel: before 5.10.134-15
kernel-debug-modules-extra: before 5.10.134-15
kernel-debug-modules: before 5.10.134-15
kernel-debug-devel: before 5.10.134-15
kernel-debug-core: before 5.10.134-15
kernel-debug: before 5.10.134-15
kernel-core: before 5.10.134-15
kernel: before 5.10.134-15
bpftool: before 5.10.134-15
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2023:0445
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.