Anolis OS update for kernel



Updated: 2025-03-29
Risk: High
Patch available: YES
Number of vulnerabilities: 94
CVE-ID: CVE-2023-20928
CVE-2023-20938
CVE-2022-3108
CVE-2022-3114
CVE-2022-3424
CVE-2022-36280
CVE-2022-3903
CVE-2022-39188
CVE-2022-41850
CVE-2022-42432
CVE-2022-4379
CVE-2022-4382
CVE-2022-45887
CVE-2023-0045
CVE-2023-0160
CVE-2023-0458
CVE-2023-0459
CVE-2023-0615
CVE-2023-1078
CVE-2023-1206
CVE-2023-1382
CVE-2023-1670
CVE-2023-1829
CVE-2023-1855
CVE-2023-1859
CVE-2023-1989
CVE-2023-1990
CVE-2023-2002
CVE-2023-2006
CVE-2023-20569
CVE-2023-20593
CVE-2023-2124
CVE-2023-2156
CVE-2023-2162
CVE-2023-2177
CVE-2023-2194
CVE-2023-22995
CVE-2023-2483
CVE-2023-33203
CVE-2023-26607
CVE-2023-28327
CVE-2023-2860
CVE-2023-2985
CVE-2023-3006
CVE-2023-30772
CVE-2023-3090
CVE-2023-31083
CVE-2023-31084
CVE-2023-31085
CVE-2023-3111
CVE-2023-3117
CVE-2023-31248
CVE-2023-31436
CVE-2023-3161
CVE-2023-3212
CVE-2023-3220
CVE-2023-32269
CVE-2023-3268
CVE-2023-33288
CVE-2023-3358
CVE-2023-35001
CVE-2023-3567
CVE-2023-35788
CVE-2023-35823
CVE-2023-35824
CVE-2023-3141
CVE-2023-35828
CVE-2023-35829
CVE-2023-3609
CVE-2023-3610
CVE-2023-3611
CVE-2023-3772
CVE-2023-3773
CVE-2023-3776
CVE-2023-3812
CVE-2023-3863
CVE-2023-4004
CVE-2023-4015
CVE-2023-40283
CVE-2023-4128
CVE-2023-4206
CVE-2023-4207
CVE-2023-4208
CVE-2023-4132
CVE-2023-4147
CVE-2023-4155
CVE-2023-42753
CVE-2023-42754
CVE-2023-42755
CVE-2023-4563
CVE-2023-4623
CVE-2023-4921
CVE-2023-21400
CVE-2023-3389
CWE-ID: CWE-416
CWE-119
CWE-252
CWE-476
CWE-787
CWE-399
CWE-362
CWE-120
CWE-254
CWE-667
CWE-1037
CWE-369
CWE-400
CWE-264
CWE-200
CWE-125
CWE-617
CWE-20
CWE-833
CWE-682
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #23 is available.
Public exploit code for vulnerability #28 is available.
Public exploit code for vulnerability #61 is available.
Public exploit code for vulnerability #77 is available.
Public exploit code for vulnerability #85 is available.
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

python3-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-libs-devel
Operating systems & Components / Operating system package or component

kernel-tools-libs
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-modules-extra
Operating systems & Components / Operating system package or component

kernel-modules
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debug-modules-extra
Operating systems & Components / Operating system package or component

kernel-debug-modules
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-core
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-core
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

Vendor: OpenAnolis

Security Bulletin

This security bulletin contains information about 94 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU71065

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20928

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Binder driver. A local application can trigger a race condition and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU72032

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20938

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Binder component in the kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Unchecked Return Value

EUVDB-ID: #VU71539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3108

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the kfd_parse_subtype_iolink() function in drivers/gpu/drm/amd/amdkfd/kfd_crat.c. A local user can crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU70498

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3114

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the imx_register_uart_clocks() function in drivers/clk/imx/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU69759

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3424

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gru_set_context_option(), gru_fault() and gru_handle_user_call_os() functions in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU71480

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36280

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoop() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in the vmwgfx VMware driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU70465

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3903

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in the Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU67478

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39188

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.

Note, this only occurs in situations with VM_PFNMAP VMAs.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU69792

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-41850

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the roccat_report_event() function in drivers/hid/hid-roccat.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU73749

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-42432

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to memory safety bugs. A remote unauthenticated attacker can trick the victim into opening a specially crafted file, trigger a buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU71583

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4379

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU72328

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-4382

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the gadgetfs Linux driver. An attacker with physical access to the system can trigger a use-after-free by manipulating the external device with gadgetfs and execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Race condition

EUVDB-ID: #VU75338

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in the Linux kernel. A local user can exploit the race and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Security features bypass

EUVDB-ID: #VU72469

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-0045

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists because the Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Improper locking

EUVDB-ID: #VU90810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0160

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU76223

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU76222

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0459

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions in certain situations. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Divide by zero

EUVDB-ID: #VU92736

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0615

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A memory leak flaw and a potential divide-by-zero and integer overflow were found in the Linux kernel V4L2 and vivid test code functionality. The issue occurs when a user triggers ioctls, such as the VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if the vivid test code is enabled.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds write

EUVDB-ID: #VU74054

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1078

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in the Linux kernel RDS (Reliable Datagram Sockets) protocol implementation. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality, which an attacker can trigger with a new kind of SYN flood attack. A remote attacker can increase the CPU usage of a server that accepts IPv6 connections up to 95%.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU74550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1382

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU75450

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1670

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU75448

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-1829

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

24) Use-after-free

EUVDB-ID: #VU75451

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU75769

Risk: Medium

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1859

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in the Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU75452

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btsdio_remove() function in drivers/bluetooth/btsdio.c. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU75453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1990

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75163

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-2002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

29) Race condition

EUVDB-ID: #VU75104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2006

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the processing of RxRPC bundles in net/rxrpc/ar-internal.h. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information disclosure

EUVDB-ID: #VU79263

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20569

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU78572

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20593

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU75323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2124

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the XFS subsystem in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Reachable Assertion

EUVDB-ID: #VU76392

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2156

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling the IPv6 RPL protocol. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in the SCSI sub-component of the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU81924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2177

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/sctp/stream_sched.c in the Linux kernel. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds write

EUVDB-ID: #VU77249

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2194

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's SLIMpro I2C device driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU73767

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-22995

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the dwc3_qcom_acpi_register_core() function in drivers/usb/dwc3/dwc3-qcom.c. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Race condition

EUVDB-ID: #VU76024

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2483

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the Qualcomm EMAC Gigabit Ethernet Controller. An attacker with physical access to the system can remove the device before cleanup in the emac_remove() function is called, trigger a use-after-free error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Race condition

EUVDB-ID: #VU77496

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-33203

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac-based device and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU74125

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-26607

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ntfs_attr_find() function in fs/ntfs/attrib.c in the Linux kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU74772

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU78675

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2860

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the SR-IPv6 implementation when processing seg6 attributes. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU77495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2985

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the hfsplus_put_super() function in fs/hfsplus/super.c. A local user can trigger a use-after-free error and crash the kernel.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU77247

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3006

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a known cache speculation vulnerability (Spectre-BHB) affecting the new AmpereOne hardware. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Race condition

EUVDB-ID: #VU75996

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-30772

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a race condition in drivers/power/supply/da9150-charger.c in the Linux kernel. An attacker with physical access to the device can trigger a race condition while unplugging the device and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds write

EUVDB-ID: #VU78010

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU79496

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31083

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Deadlock

EUVDB-ID: #VU77246

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31084

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Division by zero

EUVDB-ID: #VU82660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31085

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU77911

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3111

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU78457

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3117

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU78325

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31248

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds write

EUVDB-ID: #VU76098

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Incorrect calculation

EUVDB-ID: #VU77956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3161

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU78009

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3212

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU78471

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3220

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the dpu_crtc_atomic_check() function in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU76221

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-32269

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that the system has netrom routing configured or that the attacker has the CAP_NET_ADMIN capability.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU78008

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU76410

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-33288

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bq24190_remove() function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU78063

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3358

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Integrated Sensor Hub (ISH) driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds write

EUVDB-ID: #VU78326

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-35001

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

62) Use-after-free

EUVDB-ID: #VU79491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3567

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vc_screen() function in vcs_read in drivers/tty/vt/vc_screen.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Out-of-bounds write

EUVDB-ID: #VU77502

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35788

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Race condition

EUVDB-ID: #VU77957

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35823

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use-after-free

EUVDB-ID: #VU78062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35824

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm1105_remove() function in drivers/media/pci/dm1105/dm1105.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU77955

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3141

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Race condition

EUVDB-ID: #VU77958

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35828

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU78264

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35829

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU78779

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables component in the Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU80578

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU80579

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3773

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can cause a 4-byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes and gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds write

EUVDB-ID: #VU78928

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3812

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU79479

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU79498

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-4004

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error that occurs when a user triggers the nft_pipapo_remove function with an element that has no NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

78) Buffer overflow

EUVDB-ID: #VU80123

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU79486

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU80580

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4206

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_route component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU80587

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4207

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_fw component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU80586

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_u32 component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU79712

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4132

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use-after-free

EUVDB-ID: #VU79713

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-4147

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

86) Race condition

EUVDB-ID: #VU79488

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4155

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Out-of-bounds write

EUVDB-ID: #VU81663

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42753

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU81452

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42754

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

EUVDB-ID: #VU82305

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42755

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU80177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4563

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the nft_verdict_dump() function of the nftables sub-component. A local user can trigger a race condition between set GC and transaction and perform a DoS attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use-after-free

EUVDB-ID: #VU81664

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU81693

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper input validation

EUVDB-ID: #VU77993

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21400

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Kernel io_uring subcomponent in Kernel components. A local application can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU78066

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3389

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel io_uring subsystem. A local user can exploit a race condition and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

python3-perf: before 5.10.134-16

perf: before 5.10.134-16

kernel-tools-libs-devel: before 5.10.134-16

kernel-tools-libs: before 5.10.134-16

kernel-tools: before 5.10.134-16

kernel-modules-extra: before 5.10.134-16

kernel-modules: before 5.10.134-16

kernel-headers: before 5.10.134-16

kernel-devel: before 5.10.134-16

kernel-debug-modules-extra: before 5.10.134-16

kernel-debug-modules: before 5.10.134-16

kernel-debug-devel: before 5.10.134-16

kernel-debug-core: before 5.10.134-16

kernel-debug: before 5.10.134-16

kernel-core: before 5.10.134-16

kernel: before 5.10.134-16

bpftool: before 5.10.134-16

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


