Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU93211
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47014
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcf_ct_handle_fragments(), tcf_ct_act() and skb_push_rcsum() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93164
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47036
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87745
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90629
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89254
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88885
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52603
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
python3-perf: before 5.10.0-60.131.0.158
kernel-devel: before 5.10.0-60.131.0.158
python3-perf-debuginfo: before 5.10.0-60.131.0.158
perf: before 5.10.0-60.131.0.158
kernel-headers: before 5.10.0-60.131.0.158
kernel-tools-devel: before 5.10.0-60.131.0.158
kernel-source: before 5.10.0-60.131.0.158
kernel-debuginfo: before 5.10.0-60.131.0.158
bpftool-debuginfo: before 5.10.0-60.131.0.158
kernel-tools: before 5.10.0-60.131.0.158
bpftool: before 5.10.0-60.131.0.158
kernel-tools-debuginfo: before 5.10.0-60.131.0.158
kernel-debugsource: before 5.10.0-60.131.0.158
perf-debuginfo: before 5.10.0-60.131.0.158
kernel: before 5.10.0-60.131.0.158
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1347
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.